./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3776141459 <...> Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts. execve("./syz-executor3776141459", ["./syz-executor3776141459"], 0x7ffdfc012df0 /* 10 vars */) = 0 brk(NULL) = 0x55555720b000 brk(0x55555720bd40) = 0x55555720bd40 arch_prctl(ARCH_SET_FS, 0x55555720b3c0) = 0 set_tid_address(0x55555720b690) = 5062 set_robust_list(0x55555720b6a0, 24) = 0 rseq(0x55555720bce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3776141459", 4096) = 28 getrandom("\x3a\xd6\x05\x6a\xb9\x94\xd3\x29", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555720bd40 brk(0x55555722cd40) = 0x55555722cd40 brk(0x55555722d000) = 0x55555722d000 mprotect(0x7f50e625d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.Q6oKgg", 0700) = 0 chmod("./syzkaller.Q6oKgg", 0777) = 0 chdir("./syzkaller.Q6oKgg") = 0 mkdir("./0", 0777) = 0 [ 71.389848][ T27] audit: type=1400 audit(1701154766.606:83): avc: denied { execmem } for pid=5062 comm="syz-executor377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5063 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] chdir("./0") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5063] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [ 71.436355][ T27] audit: type=1400 audit(1701154766.656:84): avc: denied { read write } for pid=5062 comm="syz-executor377" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 71.460751][ T27] audit: type=1400 audit(1701154766.656:85): avc: denied { open } for pid=5062 comm="syz-executor377" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0} => {parent_tid=[5064]}, 88) = 5064 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5064] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 71.485862][ T27] audit: type=1400 audit(1701154766.656:86): avc: denied { ioctl } for pid=5062 comm="syz-executor377" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5064] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [ 71.554021][ T5064] loop0: detected capacity change from 0 to 2048 [ 71.568087][ T5064] ======================================================= [ 71.568087][ T5064] WARNING: The mand mount option has been deprecated and [ 71.568087][ T5064] and is ignored by this kernel. Remove the mand [ 71.568087][ T5064] option from the mount to silence this warning. [ 71.568087][ T5064] ======================================================= [pid 5064] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [ 71.568116][ T27] audit: type=1400 audit(1701154766.786:87): avc: denied { mounton } for pid=5063 comm="syz-executor377" path="/root/syzkaller.Q6oKgg/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 71.630173][ T5064] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 71.642321][ T5064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... open resumed>) = 5 [pid 5064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] ftruncate(5, 33587199 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... ftruncate resumed>) = 0 [pid 5064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 71.655990][ T27] audit: type=1400 audit(1701154766.876:88): avc: denied { mount } for pid=5063 comm="syz-executor377" name="/" dev="loop0" ino=1376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 0 [pid 5064] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5063] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5063] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5064] <... mmap resumed>) = 0x20000000 [pid 5064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... mprotect resumed>) = 0 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5066]}, 88) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... rseq resumed>) = 0 [pid 5063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] set_robust_list(0x7f50e61579a0, 24 [pid 5063] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... set_robust_list resumed>) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5066] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5066] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5064] read(6, [pid 5063] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5063] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 0 [pid 5066] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5064] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5066] +++ killed by SIGBUS +++ [pid 5063] <... futex resumed>) = ? [pid 5064] +++ killed by SIGBUS +++ [pid 5063] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5063, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 72.113367][ T27] audit: type=1400 audit(1701154767.336:89): avc: denied { unmount } for pid=5062 comm="syz-executor377" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.144115][ T27] audit: type=1400 audit(1701154767.366:90): avc: denied { append } for pid=4494 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 72.166342][ T27] audit: type=1400 audit(1701154767.366:91): avc: denied { open } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 72.188851][ T27] audit: type=1400 audit(1701154767.366:92): avc: denied { getattr } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached , child_tidptr=0x55555720b690) = 5067 [pid 5067] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5067] chdir("./1") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5067] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5067] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5068] set_robust_list(0x7f50e61789a0, 24 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] <... set_robust_list resumed>) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] memfd_create("syzkaller", 0 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5068] <... memfd_create resumed>) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5068] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [pid 5068] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... open resumed>) = 4 [pid 5068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5067] <... futex resumed>) = 0 [pid 5068] <... open resumed>) = 5 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.464902][ T5068] loop0: detected capacity change from 0 to 2048 [ 72.487544][ T5068] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 72.499759][ T5068] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] <... futex resumed>) = 0 [pid 5068] ftruncate(5, 33587199 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... ftruncate resumed>) = 0 [pid 5068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] <... futex resumed>) = 0 [pid 5068] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5067] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5069 attached [pid 5068] <... mmap resumed>) = 0x20000000 [pid 5069] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... rseq resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] set_robust_list(0x7f50e61579a0, 24 [pid 5068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... set_robust_list resumed>) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5069] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5067] <... futex resumed>) = 1 [pid 5067] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5069] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] read(6, [pid 5067] <... futex resumed>) = 1 [pid 5067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5067] <... futex resumed>) = 1 [pid 5067] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5068] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5067] <... futex resumed>) = ? [pid 5068] +++ killed by SIGBUS +++ [pid 5069] +++ killed by SIGBUS +++ [pid 5067] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5067, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555720b690) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5070] chdir("./2") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5070] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5071 attached => {parent_tid=[5071]}, 88) = 5071 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] set_robust_list(0x7f50e61789a0, 24 [pid 5070] <... futex resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5071] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [ 73.261784][ T5071] loop0: detected capacity change from 0 to 2048 [ 73.294460][ T5071] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5071] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [ 73.306601][ T5071] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... open resumed>) = 4 [pid 5071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5071] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... open resumed>) = 5 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] ftruncate(5, 33587199) = 0 [pid 5071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5070] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5070] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5071] <... mmap resumed>) = 0x20000000 [pid 5070] <... mprotect resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5072 attached [pid 5072] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... clone3 resumed> => {parent_tid=[5072]}, 88) = 5072 [pid 5071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... rseq resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] set_robust_list(0x7f50e61579a0, 24 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5070] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] <... futex resumed>) = 0 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5072] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] read(6, [pid 5070] <... futex resumed>) = 1 [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5070] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 0 [pid 5072] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5071] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5070] <... futex resumed>) = ? [pid 5072] +++ killed by SIGBUS +++ [pid 5071] +++ killed by SIGBUS +++ [pid 5070] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5070, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x55555720b690) = 5073 [pid 5073] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5073] chdir("./3") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5073] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5074 attached => {parent_tid=[5074]}, 88) = 5074 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... rseq resumed>) = 0 [pid 5074] set_robust_list(0x7f50e61789a0, 24 [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5074] <... set_robust_list resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5074] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file0", 0777) = 0 [pid 5074] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... futex resumed>) = 0 [pid 5074] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 74.030332][ T5074] loop0: detected capacity change from 0 to 2048 [ 74.046968][ T5074] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 74.059249][ T5074] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ftruncate(5, 33587199 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... ftruncate resumed>) = 0 [pid 5074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5074] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... mmap resumed>) = 0x20000000 [pid 5073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 0 [pid 5074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5073] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5075]}, 88) = 5075 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5075] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5075] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5074] read(6, [pid 5075] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5073] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5074] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5073] <... futex resumed>) = ? [pid 5074] +++ killed by SIGBUS +++ [pid 5075] +++ killed by SIGBUS +++ [pid 5073] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5073, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555720b690) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5076] chdir("./4") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5076] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5076] <... clone3 resumed> => {parent_tid=[5077]}, 88) = 5077 [pid 5077] <... rseq resumed>) = 0 [pid 5077] set_robust_list(0x7f50e61789a0, 24 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5077] memfd_create("syzkaller", 0 [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5077] <... memfd_create resumed>) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5077] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file0", 0777) = 0 [pid 5077] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file0") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5076] <... futex resumed>) = 0 [ 74.630817][ T5077] loop0: detected capacity change from 0 to 2048 [ 74.648764][ T5077] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 74.660443][ T5077] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... open resumed>) = 4 [pid 5077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5077] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... open resumed>) = 5 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] ftruncate(5, 33587199 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] <... ftruncate resumed>) = 0 [pid 5077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5076] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] <... mmap resumed>) = 0x20000000 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5078 attached [pid 5077] <... futex resumed>) = 0 [pid 5078] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5076] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5078] <... rseq resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5078] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5078] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5077] read(6, [pid 5076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5076] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5077] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5076] <... futex resumed>) = ? [pid 5078] +++ killed by SIGBUS +++ [pid 5077] +++ killed by SIGBUS +++ [pid 5076] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5076, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x55555720b690) = 5079 [pid 5079] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5079] chdir("./5") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5079] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5080 attached [pid 5080] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5079] <... clone3 resumed> => {parent_tid=[5080]}, 88) = 5080 [pid 5080] <... rseq resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] set_robust_list(0x7f50e61789a0, 24 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] <... futex resumed>) = 0 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] memfd_create("syzkaller", 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5080] <... memfd_create resumed>) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5080] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [pid 5080] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... open resumed>) = 4 [pid 5080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... open resumed>) = 5 [pid 5080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5080] ftruncate(5, 33587199 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... ftruncate resumed>) = 0 [pid 5080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [ 75.286339][ T5080] loop0: detected capacity change from 0 to 2048 [ 75.296490][ T5080] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 75.309244][ T5080] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5080] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5079] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5079] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5081 attached => {parent_tid=[5081]}, 88) = 5081 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5079] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rseq resumed>) = 0 [pid 5079] <... futex resumed>) = 0 [pid 5081] set_robust_list(0x7f50e61579a0, 24 [pid 5079] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] <... mmap resumed>) = 0x20000000 [pid 5080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5080] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... openat resumed>) = 6 [pid 5081] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] read(6, [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5079] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5079] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5080] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5081] +++ killed by SIGBUS +++ [pid 5079] <... futex resumed>) = ? [pid 5080] +++ killed by SIGBUS +++ [pid 5079] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5079, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x55555720b690) = 5082 [pid 5082] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5082] chdir("./6") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5082] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5083] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... memfd_create resumed>) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5083] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [ 76.043730][ T5083] loop0: detected capacity change from 0 to 2048 [ 76.068281][ T5083] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 76.080360][ T5083] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5083] close(4) = 0 [pid 5083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... open resumed>) = 4 [pid 5083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... open resumed>) = 5 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ftruncate(5, 33587199 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ftruncate resumed>) = 0 [pid 5083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5082] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5083] <... mmap resumed>) = 0x20000000 [pid 5082] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5084]}, 88) = 5084 [pid 5084] set_robust_list(0x7f50e61579a0, 24 [pid 5083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... set_robust_list resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5082] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... openat resumed>) = 6 [pid 5084] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] read(6, [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5082] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5083] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5084] +++ killed by SIGBUS +++ [pid 5083] +++ killed by SIGBUS +++ [pid 5082] <... futex resumed>) = ? [pid 5082] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5082, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5085 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5085] chdir("./7") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5085] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5086 attached [pid 5086] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... memfd_create resumed>) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5086] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 76.868534][ T5086] loop0: detected capacity change from 0 to 2048 [ 76.904958][ T5086] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5086] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = 4 [pid 5086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... open resumed>) = 5 [pid 5085] <... futex resumed>) = 0 [ 76.918755][ T5086] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] ftruncate(5, 33587199 [pid 5085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... ftruncate resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5086] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5085] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5085] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5087]}, 88) = 5087 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5087 attached [pid 5085] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5085] <... futex resumed>) = 0 [pid 5087] <... rseq resumed>) = 0 [pid 5087] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5087] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5087] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5087] read(6, [pid 5085] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5085] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5085] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5085] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] <... rseq resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] set_robust_list(0x7f50e61369a0, 24 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... futex resumed>) = 0 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0) = 7 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd16000 [pid 5088] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5086] <... mmap resumed>) = 0x20000000 [pid 5088] munmap(0x7f50ddd16000, 138412032 [pid 5086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... munmap resumed>) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5088] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5088] ioctl(8, LOOP_CLR_FD) = 0 [pid 5088] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5088] close(8) = 0 [pid 5088] close(7) = 0 [pid 5088] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5088] futex(0x7f50e62636e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5087] <... read resumed> ) = ? [pid 5087] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=60 /* 0.60 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5089] chdir("./8") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5089 [pid 5089] <... setpgid resumed>) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5089] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5089] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] set_robust_list(0x7f50e61789a0, 24 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5090] memfd_create("syzkaller", 0 [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] <... memfd_create resumed>) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5090] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] <... open resumed>) = 4 [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] ftruncate(5, 33587199 [pid 5089] <... futex resumed>) = 0 [ 78.144842][ T5090] loop0: detected capacity change from 0 to 2048 [ 78.170816][ T5090] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 78.183022][ T5090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... ftruncate resumed>) = 0 [pid 5090] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5090] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5089] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] <... mmap resumed>) = 0x20000000 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5090] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5090] <... futex resumed>) = 0 [pid 5089] <... clone3 resumed> => {parent_tid=[5091]}, 88) = 5091 [pid 5091] <... rseq resumed>) = 0 [pid 5090] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] set_robust_list(0x7f50e61579a0, 24 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5089] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... futex resumed>) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5091] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5090] read(6, [pid 5089] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5091] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5089] <... futex resumed>) = ? [pid 5091] +++ killed by SIGBUS +++ [pid 5090] <... read resumed> ) = ? [pid 5090] +++ killed by SIGBUS +++ [pid 5089] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5089, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x55555720b690) = 5092 [pid 5092] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5092] chdir("./9") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5092] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5092] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5093] <... rseq resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] set_robust_list(0x7f50e61789a0, 24 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] <... futex resumed>) = 0 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5093] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... open resumed>) = 4 [pid 5093] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 78.828601][ T5093] loop0: detected capacity change from 0 to 2048 [ 78.855579][ T5093] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 78.867951][ T5093] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5093] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] ftruncate(5, 33587199 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... ftruncate resumed>) = 0 [pid 5093] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5092] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5092] <... clone3 resumed> => {parent_tid=[5094]}, 88) = 5094 [pid 5094] <... rseq resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] set_robust_list(0x7f50e61579a0, 24 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5093] <... mmap resumed>) = 0x20000000 [pid 5092] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] <... futex resumed>) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5094] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5092] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] read(6, [pid 5092] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5093] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5094] +++ killed by SIGBUS +++ [pid 5093] +++ killed by SIGBUS +++ [pid 5092] <... futex resumed>) = ? [pid 5092] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5092, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x55555720b690) = 5095 [pid 5095] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5095] chdir("./10") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5095] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5096 attached => {parent_tid=[5096]}, 88) = 5096 [pid 5096] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5096] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... open resumed>) = 4 [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... open resumed>) = 5 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] ftruncate(5, 33587199 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ftruncate resumed>) = 0 [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 79.499740][ T5096] loop0: detected capacity change from 0 to 2048 [ 79.510372][ T5096] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 79.522880][ T5096] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5095] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] <... mmap resumed>) = 0x20000000 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5097 attached [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5095] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5097] <... rseq resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] set_robust_list(0x7f50e61579a0, 24 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5095] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] <... futex resumed>) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5097] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5097] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] read(6, [pid 5095] <... futex resumed>) = 1 [pid 5095] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5095] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5096] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5096] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5095] <... futex resumed>) = ? [pid 5097] +++ killed by SIGBUS +++ [pid 5096] +++ killed by SIGBUS +++ [pid 5095] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5095, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x55555720b690) = 5098 [pid 5098] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5098] chdir("./11") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5098] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5099 attached => {parent_tid=[5099]}, 88) = 5099 [pid 5099] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] <... rseq resumed>) = 0 [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] set_robust_list(0x7f50e61789a0, 24 [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] <... set_robust_list resumed>) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5099] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [ 80.278708][ T5099] loop0: detected capacity change from 0 to 2048 [ 80.311479][ T5099] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5099] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file0") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [ 80.323537][ T5099] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... open resumed>) = 5 [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] ftruncate(5, 33587199 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... ftruncate resumed>) = 0 [pid 5099] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5099] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5098] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] <... mmap resumed>) = 0x20000000 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5099] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5099] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5100] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5100] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5098] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5100] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5100] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] read(6, [pid 5098] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5098] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5099] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5098] <... futex resumed>) = ? [pid 5099] +++ killed by SIGBUS +++ [pid 5100] +++ killed by SIGBUS +++ [pid 5098] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5098, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5101 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] chdir("./12") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5101] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5102 attached => {parent_tid=[5102]}, 88) = 5102 [pid 5102] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] <... rseq resumed>) = 0 [pid 5102] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5102] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file0", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file0") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... open resumed>) = 4 [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.026590][ T5102] loop0: detected capacity change from 0 to 2048 [ 81.043058][ T5102] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 81.055410][ T5102] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... open resumed>) = 5 [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5102] ftruncate(5, 33587199 [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... ftruncate resumed>) = 0 [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5101] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5101] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] <... mmap resumed>) = 0x20000000 [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5103 attached ) = 0 [pid 5103] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... rseq resumed>) = 0 [pid 5103] set_robust_list(0x7f50e61579a0, 24 [pid 5101] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5103] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5102] read(6, [pid 5101] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5101] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5102] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5102] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5101] <... futex resumed>) = ? [pid 5103] +++ killed by SIGBUS +++ [pid 5102] +++ killed by SIGBUS +++ [pid 5101] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5101, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5104] chdir("./13" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5104 [pid 5104] <... chdir resumed>) = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5104] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5105 attached => {parent_tid=[5105]}, 88) = 5105 [pid 5105] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5105] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 1 [pid 5105] memfd_create("syzkaller", 0 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] <... memfd_create resumed>) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5105] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 4 [pid 5105] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5105] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] ftruncate(5, 33587199 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... ftruncate resumed>) = 0 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 81.745543][ T5105] loop0: detected capacity change from 0 to 2048 [ 81.756433][ T5105] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 81.768191][ T5105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5104] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5105] <... mmap resumed>) = 0x20000000 [pid 5104] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5105] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5106 attached [pid 5106] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5105] <... futex resumed>) = 0 [pid 5104] <... clone3 resumed> => {parent_tid=[5106]}, 88) = 5106 [pid 5106] <... rseq resumed>) = 0 [pid 5105] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] set_robust_list(0x7f50e61579a0, 24 [pid 5104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5104] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] <... futex resumed>) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5104] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5106] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5106] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] read(6, [pid 5104] <... futex resumed>) = 1 [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 1 [pid 5104] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5105] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5104] <... futex resumed>) = ? [pid 5105] +++ killed by SIGBUS +++ [pid 5106] +++ killed by SIGBUS +++ [pid 5104] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5104, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x55555720b690) = 5107 [pid 5107] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5107] chdir("./14") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5107] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5107] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... rseq resumed>) = 0 [pid 5108] set_robust_list(0x7f50e61789a0, 24 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5108] memfd_create("syzkaller", 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] <... memfd_create resumed>) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5108] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file0", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file0") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [ 82.486118][ T5108] loop0: detected capacity change from 0 to 2048 [ 82.513923][ T5108] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 82.526053][ T5108] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5108] close(4) = 0 [pid 5108] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... open resumed>) = 4 [pid 5108] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5108] ftruncate(5, 33587199 [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... ftruncate resumed>) = 0 [pid 5108] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5107] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5107] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5108] <... mmap resumed>) = 0x20000000 [pid 5108] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... mprotect resumed>) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5109 attached => {parent_tid=[5109]}, 88) = 5109 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] set_robust_list(0x7f50e61579a0, 24 [pid 5107] <... futex resumed>) = 0 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5107] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5109] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5109] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5107] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] read(6, [pid 5107] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5107] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5107] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5107] <... futex resumed>) = ? [pid 5108] <... read resumed> ) = ? [pid 5109] +++ killed by SIGBUS +++ [pid 5108] +++ killed by SIGBUS +++ [pid 5107] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5107, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x55555720b690) = 5110 [pid 5110] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5110] chdir("./15") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5110] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5111] set_robust_list(0x7f50e61789a0, 24 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... set_robust_list resumed>) = 0 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] <... futex resumed>) = 0 [pid 5111] memfd_create("syzkaller", 0 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] <... memfd_create resumed>) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5111] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file0", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file0") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... open resumed>) = 4 [pid 5111] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... open resumed>) = 5 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 83.282605][ T5111] loop0: detected capacity change from 0 to 2048 [ 83.293482][ T5111] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 83.306077][ T5111] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5111] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] ftruncate(5, 33587199 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... ftruncate resumed>) = 0 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5110] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] <... mmap resumed>) = 0x20000000 [pid 5111] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5112 attached [pid 5111] <... futex resumed>) = 0 [pid 5112] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5111] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... clone3 resumed> => {parent_tid=[5112]}, 88) = 5112 [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5112] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5112] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 0 [pid 5111] read(6, [pid 5110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5110] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5111] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5111] +++ killed by SIGBUS +++ [pid 5110] <... futex resumed>) = ? [pid 5112] +++ killed by SIGBUS +++ [pid 5110] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5110, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55555720b690) = 5113 [pid 5113] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5113] chdir("./16") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5113] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5114 attached [pid 5114] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f50e61789a0, 24 [pid 5113] <... clone3 resumed> => {parent_tid=[5114]}, 88) = 5114 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5114] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 83.964515][ T5114] loop0: detected capacity change from 0 to 2048 [ 83.983720][ T5114] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 83.995938][ T5114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... open resumed>) = 4 [pid 5114] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5114] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] ftruncate(5, 33587199 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... ftruncate resumed>) = 0 [pid 5114] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5113] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5113] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5114] <... mmap resumed>) = 0x20000000 [pid 5114] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5114] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5115 attached [pid 5114] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... clone3 resumed> => {parent_tid=[5115]}, 88) = 5115 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5113] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5115] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 0 [pid 5114] read(6, [pid 5113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5113] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5113] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5114] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5113] <... futex resumed>) = ? [pid 5114] +++ killed by SIGBUS +++ [pid 5115] +++ killed by SIGBUS +++ [pid 5113] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5113, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x55555720b690) = 5116 [pid 5116] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5116] chdir("./17") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5116] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5117 attached => {parent_tid=[5117]}, 88) = 5117 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] set_robust_list(0x7f50e61789a0, 24 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5117] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file0", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file0") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open resumed>) = 4 [pid 5117] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 84.695615][ T5117] loop0: detected capacity change from 0 to 2048 [ 84.722849][ T5117] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 84.734984][ T5117] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5117] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5117] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5117] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] ftruncate(5, 33587199 [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... ftruncate resumed>) = 0 [pid 5117] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5116] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] <... mmap resumed>) = 0x20000000 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5117] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5118]}, 88) = 5118 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] <... rseq resumed>) = 0 [pid 5116] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] set_robust_list(0x7f50e61579a0, 24 [pid 5116] <... futex resumed>) = 0 [pid 5118] <... set_robust_list resumed>) = 0 [pid 5116] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5118] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5117] read(6, [pid 5116] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5116] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5117] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5116] <... futex resumed>) = ? [pid 5118] +++ killed by SIGBUS +++ [pid 5117] +++ killed by SIGBUS +++ [pid 5116] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5116, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x55555720b690) = 5119 [pid 5119] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5119] chdir("./18") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5119] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5119] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5120] set_robust_list(0x7f50e61789a0, 24 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] <... memfd_create resumed>) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5120] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [ 85.514208][ T5120] loop0: detected capacity change from 0 to 2048 [ 85.540016][ T5120] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 85.552129][ T5120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5120] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 4 [pid 5120] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 5 [pid 5120] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] ftruncate(5, 33587199) = 0 [pid 5120] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5119] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5120] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5120] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5121 attached [pid 5120] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... clone3 resumed> => {parent_tid=[5121]}, 88) = 5121 [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5119] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5119] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5121] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5121] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] read(6, [pid 5119] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5119] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5120] <... read resumed>) = ? [pid 5121] +++ killed by SIGBUS +++ [pid 5120] +++ killed by SIGBUS +++ [pid 5119] <... futex resumed>) = ? [pid 5119] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5119, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5122 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5122] chdir("./19") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5122] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5122] <... clone3 resumed> => {parent_tid=[5123]}, 88) = 5123 [pid 5123] <... rseq resumed>) = 0 [pid 5123] set_robust_list(0x7f50e61789a0, 24 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... set_robust_list resumed>) = 0 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5123] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 4 [pid 5123] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] <... open resumed>) = 5 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] ftruncate(5, 33587199) = 0 [pid 5123] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [ 86.298582][ T5123] loop0: detected capacity change from 0 to 2048 [ 86.314113][ T5123] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 86.326232][ T5123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5122] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5123] <... mmap resumed>) = 0x20000000 [pid 5122] <... mprotect resumed>) = 0 [pid 5123] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5124 attached => {parent_tid=[5124]}, 88) = 5124 [pid 5124] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] set_robust_list(0x7f50e61579a0, 24 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5122] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... futex resumed>) = 0 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5124] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5122] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] read(6, [pid 5122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5122] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5123] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5122] <... futex resumed>) = ? [pid 5124] +++ killed by SIGBUS +++ [pid 5123] +++ killed by SIGBUS +++ [pid 5122] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5122, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x55555720b690) = 5125 [pid 5125] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5125] chdir("./20") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5125] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5126 attached => {parent_tid=[5126]}, 88) = 5126 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] <... rseq resumed>) = 0 [pid 5126] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5126] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5125] <... futex resumed>) = 0 [ 86.955527][ T5126] loop0: detected capacity change from 0 to 2048 [ 86.972029][ T5126] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 86.984316][ T5126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.995008][ T925] cfg80211: failed to load regulatory.db [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 4 [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... open resumed>) = 5 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] ftruncate(5, 33587199 [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... ftruncate resumed>) = 0 [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5125] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5125] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] <... mmap resumed>) = 0x20000000 [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5127 attached [pid 5127] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5125] <... clone3 resumed> => {parent_tid=[5127]}, 88) = 5127 [pid 5127] <... rseq resumed>) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5127] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5127] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5126] read(6, [pid 5125] <... futex resumed>) = 1 [pid 5125] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5125] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5125] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5127] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5126] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5126] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5125] <... futex resumed>) = ? [pid 5126] +++ killed by SIGBUS +++ [pid 5127] +++ killed by SIGBUS +++ [pid 5125] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5125, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5128 [pid 5128] <... set_robust_list resumed>) = 0 [pid 5128] chdir("./21") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5128] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5128] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5129] set_robust_list(0x7f50e61789a0, 24 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... set_robust_list resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] <... memfd_create resumed>) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5129] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file0") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5129] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... open resumed>) = 4 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.729588][ T5129] loop0: detected capacity change from 0 to 2048 [ 87.745585][ T5129] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 87.758103][ T5129] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 1 [pid 5129] ftruncate(5, 33587199) = 0 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5128] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5128] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5128] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] set_robust_list(0x7f50e61579a0, 24 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5128] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... futex resumed>) = 0 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5130] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] read(6, [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5128] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5128] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5128] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20079000} --- [pid 5129] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 208768 [pid 5129] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] <... futex resumed>) = ? [pid 5130] +++ killed by SIGBUS +++ [pid 5129] +++ killed by SIGBUS +++ [pid 5128] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5128, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x55555720b690) = 5131 [pid 5131] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5131] chdir("./22") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5131] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5132 attached [pid 5132] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5131] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5132] set_robust_list(0x7f50e61789a0, 24 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] <... set_robust_list resumed>) = 0 [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5132] memfd_create("syzkaller", 0 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] <... memfd_create resumed>) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5132] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5131] <... futex resumed>) = 0 [ 88.452922][ T5132] loop0: detected capacity change from 0 to 2048 [ 88.478315][ T5132] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 88.490067][ T5132] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 4 [pid 5132] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 5 [pid 5132] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] ftruncate(5, 33587199 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... ftruncate resumed>) = 0 [pid 5132] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5131] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5132] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5132] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5133 attached => {parent_tid=[5133]}, 88) = 5133 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5131] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5133] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 0 [pid 5132] read(6, [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5131] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5132] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5131] <... futex resumed>) = ? [pid 5133] +++ killed by SIGBUS +++ [pid 5132] +++ killed by SIGBUS +++ [pid 5131] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5131, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5134 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5134] chdir("./23") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5134] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5135] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5135] memfd_create("syzkaller", 0 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... memfd_create resumed>) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5135] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [ 89.137219][ T5135] loop0: detected capacity change from 0 to 2048 [ 89.153193][ T5135] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 89.165555][ T5135] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5135] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 4 [pid 5135] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... open resumed>) = 5 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] ftruncate(5, 33587199 [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... ftruncate resumed>) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5134] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5134] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5135] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5135] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5136 attached [pid 5134] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5136] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5135] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f50e61579a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] <... futex resumed>) = 0 [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5136] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5136] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] read(6, [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5134] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5135] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5134] <... futex resumed>) = ? [pid 5136] +++ killed by SIGBUS +++ [pid 5135] +++ killed by SIGBUS +++ [pid 5134] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x55555720b690) = 5137 [pid 5137] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5137] chdir("./24") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5137] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5138 attached => {parent_tid=[5138]}, 88) = 5138 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] set_robust_list(0x7f50e61789a0, 24 [pid 5137] <... futex resumed>) = 0 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5138] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [ 89.934190][ T5138] loop0: detected capacity change from 0 to 2048 [ 89.949211][ T5138] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 89.961695][ T5138] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5138] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5138] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 0 [pid 5138] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5138] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] ftruncate(5, 33587199 [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... ftruncate resumed>) = 0 [pid 5138] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5137] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5137] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5138] <... mmap resumed>) = 0x20000000 [pid 5138] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5139 attached [pid 5138] <... futex resumed>) = 0 [pid 5137] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5138] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] <... rseq resumed>) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] set_robust_list(0x7f50e61579a0, 24 [pid 5137] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5139] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] read(6, [pid 5137] <... futex resumed>) = 1 [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5137] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5137] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5137] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5138] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5138] ???( [pid 5137] <... futex resumed>) = ? [pid 5138] <... ??? resumed>) = ? [pid 5138] +++ killed by SIGBUS +++ [pid 5139] +++ killed by SIGBUS +++ [pid 5137] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5137, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5140 [pid 5140] chdir("./25") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5140] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5140] <... clone3 resumed> => {parent_tid=[5141]}, 88) = 5141 [pid 5141] <... rseq resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] set_robust_list(0x7f50e61789a0, 24 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5141] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file0") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 90.645248][ T5141] loop0: detected capacity change from 0 to 2048 [ 90.666600][ T5141] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 90.678722][ T5141] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5141] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... open resumed>) = 5 [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] ftruncate(5, 33587199 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... ftruncate resumed>) = 0 [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5140] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5140] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5141] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5142 attached [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5142] <... rseq resumed>) = 0 [pid 5141] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] set_robust_list(0x7f50e61579a0, 24 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] <... set_robust_list resumed>) = 0 [pid 5140] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] <... futex resumed>) = 0 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5142] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] read(6, [pid 5140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5140] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5140] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5140] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5141] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5141] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = ? [pid 5142] +++ killed by SIGBUS +++ [pid 5141] <... futex resumed>) = ? [pid 5141] +++ killed by SIGBUS +++ [pid 5140] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5140, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x55555720b690) = 5143 [pid 5143] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5143] chdir("./26") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5143] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5144 attached => {parent_tid=[5144]}, 88) = 5144 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] set_robust_list(0x7f50e61789a0, 24 [pid 5143] <... futex resumed>) = 0 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5144] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [ 91.393402][ T5144] loop0: detected capacity change from 0 to 2048 [ 91.409110][ T5144] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 91.421382][ T5144] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... open resumed>) = 4 [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... open resumed>) = 5 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] ftruncate(5, 33587199 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... ftruncate resumed>) = 0 [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5143] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5143] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5143] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5145] <... rseq resumed>) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] set_robust_list(0x7f50e61579a0, 24 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] <... set_robust_list resumed>) = 0 [pid 5143] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5145] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5145] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] read(6, [pid 5143] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5143] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5145] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5144] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5144] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5143] <... futex resumed>) = ? [pid 5145] +++ killed by SIGBUS +++ [pid 5144] +++ killed by SIGBUS +++ [pid 5143] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5143, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x55555720b690) = 5146 [pid 5146] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5146] chdir("./27") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5146] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5146] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] set_robust_list(0x7f50e61789a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... memfd_create resumed>) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5147] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file0", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file0") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 4 [ 92.037089][ T5147] loop0: detected capacity change from 0 to 2048 [ 92.052632][ T5147] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 92.064922][ T5147] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5147] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... open resumed>) = 5 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] ftruncate(5, 33587199 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... ftruncate resumed>) = 0 [pid 5147] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5146] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5146] <... mprotect resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5147] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5147] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5146] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 [pid 5148] set_robust_list(0x7f50e61579a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] <... set_robust_list resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5148] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5146] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] read(6, [pid 5146] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5146] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5147] <... read resumed>) = ? [pid 5146] <... futex resumed>) = ? [pid 5148] +++ killed by SIGBUS +++ [pid 5147] +++ killed by SIGBUS +++ [pid 5146] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5146, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5149 [pid 5149] <... set_robust_list resumed>) = 0 [pid 5149] chdir("./28") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5149] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5150] <... rseq resumed>) = 0 [pid 5150] set_robust_list(0x7f50e61789a0, 24 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5150] memfd_create("syzkaller", 0 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] <... memfd_create resumed>) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5150] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 92.774316][ T5150] loop0: detected capacity change from 0 to 2048 [ 92.790799][ T5150] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 92.803394][ T5150] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5150] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] ftruncate(5, 33587199 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... ftruncate resumed>) = 0 [pid 5150] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5149] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5149] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5150] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5150] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5151 attached [pid 5150] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] set_robust_list(0x7f50e61579a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5151] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5150] read(6, [pid 5149] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5149] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5149] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5151] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5149] <... futex resumed>) = ? [pid 5150] +++ killed by SIGBUS +++ [pid 5151] +++ killed by SIGBUS +++ [pid 5149] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5149, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x55555720b690) = 5153 [pid 5153] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5153] chdir("./29") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5153] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5154 attached [pid 5154] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5154] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] <... clone3 resumed> => {parent_tid=[5154]}, 88) = 5154 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] memfd_create("syzkaller", 0 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] <... memfd_create resumed>) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5154] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] mkdir("./file0", 0777) = 0 [ 93.551333][ T5154] loop0: detected capacity change from 0 to 2048 [ 93.580696][ T5154] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 93.592920][ T5154] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5154] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file0") = 0 [pid 5154] ioctl(4, LOOP_CLR_FD) = 0 [pid 5154] close(4) = 0 [pid 5154] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... open resumed>) = 4 [pid 5154] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] ftruncate(5, 33587199 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... ftruncate resumed>) = 0 [pid 5154] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5153] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5154] <... mmap resumed>) = 0x20000000 [pid 5153] <... mmap resumed>) = 0x7f50e6137000 [pid 5154] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5155 attached => {parent_tid=[5155]}, 88) = 5155 [pid 5155] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5155] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5155] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] read(6, [pid 5153] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5153] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5153] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5154] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5153] <... futex resumed>) = ? [pid 5155] +++ killed by SIGBUS +++ [pid 5154] +++ killed by SIGBUS +++ [pid 5153] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5153, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x55555720b690) = 5156 [pid 5156] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5156] chdir("./30") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5156] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5156] <... clone3 resumed> => {parent_tid=[5157]}, 88) = 5157 [pid 5157] set_robust_list(0x7f50e61789a0, 24 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] <... set_robust_list resumed>) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] memfd_create("syzkaller", 0 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] <... memfd_create resumed>) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5157] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file0", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file0") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [ 94.354077][ T5157] loop0: detected capacity change from 0 to 2048 [ 94.379442][ T5157] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 94.392448][ T5157] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5157] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5156] <... futex resumed>) = 0 [pid 5157] <... open resumed>) = 4 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] ftruncate(5, 33587199 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... ftruncate resumed>) = 0 [pid 5157] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5156] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5156] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] <... mmap resumed>) = 0x20000000 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5157] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5157] <... futex resumed>) = 0 [pid 5157] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5158 attached [pid 5158] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5156] <... clone3 resumed> => {parent_tid=[5158]}, 88) = 5158 [pid 5158] set_robust_list(0x7f50e61579a0, 24 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... set_robust_list resumed>) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5158] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5156] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... futex resumed>) = 0 [pid 5157] read(6, [pid 5156] <... futex resumed>) = 1 [pid 5156] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5156] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5156] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5158] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5157] <... read resumed>) = ? [pid 5156] <... futex resumed>) = ? [pid 5158] +++ killed by SIGBUS +++ [pid 5157] +++ killed by SIGBUS +++ [pid 5156] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5156, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x55555720b690) = 5159 [pid 5159] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5159] chdir("./31") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5159] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5160] set_robust_list(0x7f50e61789a0, 24 [pid 5159] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] memfd_create("syzkaller", 0 [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... memfd_create resumed>) = 3 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5160] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file0", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file0") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 95.038560][ T5160] loop0: detected capacity change from 0 to 2048 [ 95.056582][ T5160] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.069108][ T5160] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... open resumed>) = 4 [pid 5160] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5159] <... futex resumed>) = 0 [pid 5160] <... open resumed>) = 5 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] <... futex resumed>) = 0 [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] ftruncate(5, 33587199 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... ftruncate resumed>) = 0 [pid 5160] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5159] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5159] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5161 attached [pid 5160] <... mmap resumed>) = 0x20000000 [pid 5161] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5160] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... rseq resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5161] set_robust_list(0x7f50e61579a0, 24 [pid 5160] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... set_robust_list resumed>) = 0 [pid 5159] <... clone3 resumed> => {parent_tid=[5161]}, 88) = 5161 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5159] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5161] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5161] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 0 [pid 5160] read(6, [pid 5159] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5159] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5159] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5160] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5159] <... futex resumed>) = ? [pid 5160] +++ killed by SIGBUS +++ [pid 5161] +++ killed by SIGBUS +++ [pid 5159] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5159, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x55555720b690) = 5162 [pid 5162] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5162] chdir("./32") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5162] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5163 attached [pid 5163] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5162] <... clone3 resumed> => {parent_tid=[5163]}, 88) = 5163 [pid 5163] <... rseq resumed>) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] set_robust_list(0x7f50e61789a0, 24 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... set_robust_list resumed>) = 0 [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5162] <... futex resumed>) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5163] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./file0", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./file0") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... open resumed>) = 4 [ 95.824331][ T5163] loop0: detected capacity change from 0 to 2048 [ 95.840147][ T5163] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 95.852636][ T5163] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5162] <... futex resumed>) = 0 [pid 5163] <... open resumed>) = 5 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] ftruncate(5, 33587199) = 0 [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5163] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5162] <... futex resumed>) = 0 [pid 5163] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5162] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5162] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] <... mmap resumed>) = 0x20000000 [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5162] <... clone3 resumed> => {parent_tid=[5164]}, 88) = 5164 [pid 5164] <... rseq resumed>) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5162] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5162] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5164] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5164] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 0 [pid 5163] read(6, [pid 5162] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5162] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5162] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5163] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5163] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5163] +++ killed by SIGBUS +++ [pid 5162] <... futex resumed>) = ? [pid 5164] +++ killed by SIGBUS +++ [pid 5162] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5162, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x55555720b690) = 5165 [pid 5165] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5165] chdir("./33") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5165] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5166 attached => {parent_tid=[5166]}, 88) = 5166 [pid 5166] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] set_robust_list(0x7f50e61789a0, 24 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5166] memfd_create("syzkaller", 0 [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] <... memfd_create resumed>) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5166] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file0", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file0") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5166] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 96.467188][ T5166] loop0: detected capacity change from 0 to 2048 [ 96.480761][ T5166] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 96.492893][ T5166] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... open resumed>) = 4 [pid 5166] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... open resumed>) = 5 [pid 5166] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] ftruncate(5, 33587199 [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... ftruncate resumed>) = 0 [pid 5166] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5165] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5165] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5166] <... mmap resumed>) = 0x20000000 [pid 5166] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5167 attached [pid 5167] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5165] <... clone3 resumed> => {parent_tid=[5167]}, 88) = 5167 [pid 5167] <... rseq resumed>) = 0 [pid 5167] set_robust_list(0x7f50e61579a0, 24 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5167] <... set_robust_list resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5167] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5166] read(6, [pid 5165] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5165] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5165] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5167] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5165] <... futex resumed>) = ? [pid 5167] +++ killed by SIGBUS +++ [pid 5166] +++ killed by SIGBUS +++ [pid 5165] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5165, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x55555720b690) = 5168 [pid 5168] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5168] chdir("./34") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5168] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5169 attached [pid 5169] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5168] <... clone3 resumed> => {parent_tid=[5169]}, 88) = 5169 [pid 5169] set_robust_list(0x7f50e61789a0, 24 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] <... set_robust_list resumed>) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... futex resumed>) = 0 [pid 5169] memfd_create("syzkaller", 0 [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] <... memfd_create resumed>) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5169] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./file0", 0777) = 0 [pid 5169] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./file0") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 97.295820][ T5169] loop0: detected capacity change from 0 to 2048 [ 97.320815][ T5169] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 97.333225][ T5169] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... open resumed>) = 4 [pid 5169] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5169] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] <... futex resumed>) = 0 [pid 5169] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... open resumed>) = 5 [pid 5169] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5169] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] ftruncate(5, 33587199) = 0 [pid 5169] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5169] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] <... futex resumed>) = 0 [pid 5169] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5168] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5169] <... mmap resumed>) = 0x20000000 [pid 5169] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... mprotect resumed>) = 0 [pid 5168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5170 attached [pid 5170] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5168] <... clone3 resumed> => {parent_tid=[5170]}, 88) = 5170 [pid 5170] <... rseq resumed>) = 0 [pid 5170] set_robust_list(0x7f50e61579a0, 24 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... set_robust_list resumed>) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] <... futex resumed>) = 0 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5170] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] read(6, [pid 5168] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5168] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5168] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5169] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5168] <... futex resumed>) = ? [pid 5170] +++ killed by SIGBUS +++ [pid 5169] +++ killed by SIGBUS +++ [pid 5168] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5168, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x55555720b690) = 5171 [pid 5171] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5171] chdir("./35") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5171] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5172 attached [pid 5172] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5171] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5172] set_robust_list(0x7f50e61789a0, 24 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] <... set_robust_list resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] memfd_create("syzkaller", 0 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5172] <... memfd_create resumed>) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5172] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file0", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file0") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 0 [pid 5172] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5172] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5171] <... futex resumed>) = 0 [pid 5172] <... open resumed>) = 5 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5172] ftruncate(5, 33587199 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... ftruncate resumed>) = 0 [pid 5172] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [ 98.090281][ T5172] loop0: detected capacity change from 0 to 2048 [ 98.101372][ T5172] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 98.113365][ T5172] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5172] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5171] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5171] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] <... mmap resumed>) = 0x20000000 [pid 5172] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5172] <... futex resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5172] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5173]}, 88) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] <... rseq resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] set_robust_list(0x7f50e61579a0, 24 [pid 5171] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... set_robust_list resumed>) = 0 [pid 5171] <... futex resumed>) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5173] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5171] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5171] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] read(6, [pid 5171] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5171] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5171] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5173] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5172] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5171] <... futex resumed>) = ? [pid 5173] +++ killed by SIGBUS +++ [pid 5172] +++ killed by SIGBUS +++ [pid 5171] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5171, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x55555720b690) = 5174 [pid 5174] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5174] chdir("./36") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5174] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5174] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] set_robust_list(0x7f50e61789a0, 24 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... set_robust_list resumed>) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] memfd_create("syzkaller", 0 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] <... memfd_create resumed>) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5175] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file0", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file0") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 98.769944][ T5175] loop0: detected capacity change from 0 to 2048 [ 98.795769][ T5175] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 98.807758][ T5175] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5175] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... futex resumed>) = 0 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... open resumed>) = 5 [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] ftruncate(5, 33587199 [pid 5174] <... futex resumed>) = 0 [pid 5175] <... ftruncate resumed>) = 0 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5175] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5174] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5174] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] <... mmap resumed>) = 0x20000000 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5176 attached [pid 5176] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5176] set_robust_list(0x7f50e61579a0, 24 [pid 5174] <... clone3 resumed> => {parent_tid=[5176]}, 88) = 5176 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5176] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... futex resumed>) = 0 [pid 5175] read(6, [pid 5174] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5175] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5175] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5174] <... futex resumed>) = ? [pid 5176] +++ killed by SIGBUS +++ [pid 5175] +++ killed by SIGBUS +++ [pid 5174] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5174, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5177] chdir("./37" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5177 [pid 5177] <... chdir resumed>) = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5177] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5178 attached [pid 5178] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5177] <... clone3 resumed> => {parent_tid=[5178]}, 88) = 5178 [pid 5178] set_robust_list(0x7f50e61789a0, 24 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5178] <... set_robust_list resumed>) = 0 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] <... memfd_create resumed>) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5178] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file0", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file0") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... open resumed>) = 4 [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5177] <... futex resumed>) = 0 [pid 5178] <... open resumed>) = 5 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [ 99.627967][ T5178] loop0: detected capacity change from 0 to 2048 [ 99.645841][ T5178] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 99.657990][ T5178] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5178] ftruncate(5, 33587199) = 0 [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5177] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5177] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5177] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5179 attached [pid 5179] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5177] <... clone3 resumed> => {parent_tid=[5179]}, 88) = 5179 [pid 5179] <... rseq resumed>) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] set_robust_list(0x7f50e61579a0, 24 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5177] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... futex resumed>) = 0 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5179] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... mmap resumed>) = 0x20000000 [pid 5179] <... futex resumed>) = 1 [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] read(6, [pid 5177] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5177] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5177] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 200576 [pid 5179] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2007b000} --- [pid 5178] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5177] <... futex resumed>) = ? [pid 5179] +++ killed by SIGBUS +++ [pid 5178] +++ killed by SIGBUS +++ [pid 5177] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5177, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x55555720b690) = 5180 [pid 5180] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5180] chdir("./38") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5180] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5180] <... clone3 resumed> => {parent_tid=[5181]}, 88) = 5181 [pid 5181] set_robust_list(0x7f50e61789a0, 24 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] <... set_robust_list resumed>) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5181] memfd_create("syzkaller", 0 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] <... memfd_create resumed>) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5181] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file0", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file0") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [ 100.293135][ T5181] loop0: detected capacity change from 0 to 2048 [ 100.309216][ T5181] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 100.321878][ T5181] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5181] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5181] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... open resumed>) = 5 [pid 5181] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... futex resumed>) = 0 [pid 5181] ftruncate(5, 33587199 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... ftruncate resumed>) = 0 [pid 5181] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5180] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5180] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5181] <... mmap resumed>) = 0x20000000 [pid 5181] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5182] set_robust_list(0x7f50e61579a0, 24 [pid 5180] <... clone3 resumed> => {parent_tid=[5182]}, 88) = 5182 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5182] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5182] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [pid 5181] read(6, [pid 5180] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5180] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5180] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5181] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5182] +++ killed by SIGBUS +++ [pid 5181] +++ killed by SIGBUS +++ [pid 5180] <... futex resumed>) = ? [pid 5180] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5180, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5183] chdir("./39" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5183 [pid 5183] <... chdir resumed>) = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5183] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5183] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] set_robust_list(0x7f50e61789a0, 24 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... futex resumed>) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5184] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 4 [pid 5184] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 5 [pid 5184] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] ftruncate(5, 33587199 [ 101.011055][ T5184] loop0: detected capacity change from 0 to 2048 [ 101.026639][ T5184] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 101.038867][ T5184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... ftruncate resumed>) = 0 [pid 5184] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5183] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5184] <... mmap resumed>) = 0x20000000 [pid 5183] <... mprotect resumed>) = 0 [pid 5184] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5185 attached => {parent_tid=[5185]}, 88) = 5185 [pid 5185] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] <... rseq resumed>) = 0 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] set_robust_list(0x7f50e61579a0, 24 [pid 5183] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... set_robust_list resumed>) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... futex resumed>) = 0 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5185] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5183] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5184] read(6, [pid 5183] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5183] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] memfd_create("syzkaller", 0) = 7 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5185] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5185] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5185] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5185] ioctl(8, LOOP_CLR_FD) = 0 [pid 5185] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5185] close(8) = 0 [pid 5185] close(7) = 0 [pid 5185] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5184] <... read resumed> ) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=67 /* 0.67 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x55555720b690) = 5186 [pid 5186] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5186] chdir("./40") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5186] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5187] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... clone3 resumed> => {parent_tid=[5187]}, 88) = 5187 [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5187] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5187] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file0", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file0") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [ 102.297420][ T5187] loop0: detected capacity change from 0 to 2048 [ 102.313558][ T5187] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 102.325881][ T5187] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 4 [pid 5187] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] ftruncate(5, 33587199 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... ftruncate resumed>) = 0 [pid 5187] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5187] <... mmap resumed>) = 0x20000000 [pid 5186] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5187] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... mprotect resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5188 attached [pid 5188] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5186] <... clone3 resumed> => {parent_tid=[5188]}, 88) = 5188 [pid 5188] <... rseq resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] set_robust_list(0x7f50e61579a0, 24 [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5186] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... futex resumed>) = 0 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5188] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5188] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] read(6, [pid 5186] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5186] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5188] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5187] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5186] <... futex resumed>) = ? [pid 5188] +++ killed by SIGBUS +++ [pid 5187] +++ killed by SIGBUS +++ [pid 5186] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5186, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x55555720b690) = 5189 [pid 5189] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5189] chdir("./41") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5189] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5190 attached [pid 5190] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5189] <... clone3 resumed> => {parent_tid=[5190]}, 88) = 5190 [pid 5190] <... rseq resumed>) = 0 [pid 5190] set_robust_list(0x7f50e61789a0, 24 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] <... futex resumed>) = 0 [pid 5190] memfd_create("syzkaller", 0 [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] <... memfd_create resumed>) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5190] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file0") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... open resumed>) = 4 [pid 5190] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... open resumed>) = 5 [ 103.063417][ T5190] loop0: detected capacity change from 0 to 2048 [ 103.079385][ T5190] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 103.091439][ T5190] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5190] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] ftruncate(5, 33587199 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... ftruncate resumed>) = 0 [pid 5190] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5189] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5190] <... mmap resumed>) = 0x20000000 [pid 5189] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5190] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5190] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5191 attached [pid 5190] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... clone3 resumed> => {parent_tid=[5191]}, 88) = 5191 [pid 5191] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] set_robust_list(0x7f50e61579a0, 24 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5189] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] <... futex resumed>) = 0 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5191] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] read(6, [pid 5189] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5189] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5190] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5189] <... futex resumed>) = ? [pid 5191] +++ killed by SIGBUS +++ [pid 5190] +++ killed by SIGBUS +++ [pid 5189] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5189, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x55555720b690) = 5192 [pid 5192] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5192] chdir("./42") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5192] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5192] <... clone3 resumed> => {parent_tid=[5193]}, 88) = 5193 [pid 5193] set_robust_list(0x7f50e61789a0, 24 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] <... set_robust_list resumed>) = 0 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] memfd_create("syzkaller", 0 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] <... memfd_create resumed>) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5193] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file0", 0777) = 0 [ 103.779171][ T5193] loop0: detected capacity change from 0 to 2048 [ 103.815292][ T5193] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5193] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file0") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... open resumed>) = 5 [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] ftruncate(5, 33587199 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... ftruncate resumed>) = 0 [ 103.827422][ T5193] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5192] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5193] <... mmap resumed>) = 0x20000000 [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] <... mprotect resumed>) = 0 [pid 5193] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5194 attached [pid 5194] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5192] <... clone3 resumed> => {parent_tid=[5194]}, 88) = 5194 [pid 5194] set_robust_list(0x7f50e61579a0, 24 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] <... set_robust_list resumed>) = 0 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5194] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5193] read(6, [pid 5192] <... futex resumed>) = 1 [pid 5192] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5192] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5194] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5193] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5193] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5192] <... futex resumed>) = ? [pid 5193] +++ killed by SIGBUS +++ [pid 5194] +++ killed by SIGBUS +++ [pid 5192] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5192, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached , child_tidptr=0x55555720b690) = 5195 [pid 5195] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5195] chdir("./43") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5195] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5196 attached [pid 5196] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5196] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] <... clone3 resumed> => {parent_tid=[5196]}, 88) = 5196 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5196] memfd_create("syzkaller", 0 [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5196] <... memfd_create resumed>) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5196] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./file0", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./file0") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [ 104.474040][ T5196] loop0: detected capacity change from 0 to 2048 [ 104.484662][ T5196] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 104.496876][ T5196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5196] close(4) = 0 [pid 5196] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5195] <... futex resumed>) = 0 [pid 5196] <... open resumed>) = 4 [pid 5196] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5195] <... futex resumed>) = 1 [pid 5196] <... open resumed>) = 5 [pid 5196] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5196] ftruncate(5, 33587199) = 0 [pid 5196] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 1 [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5196] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5195] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5195] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5196] <... mmap resumed>) = 0x20000000 [pid 5196] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5196] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... clone3 resumed> => {parent_tid=[5197]}, 88) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] <... rseq resumed>) = 0 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] set_robust_list(0x7f50e61579a0, 24 [pid 5195] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5195] <... futex resumed>) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5197] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5196] read(6, [pid 5195] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5195] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5195] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5196] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5195] <... futex resumed>) = ? [pid 5196] +++ killed by SIGBUS +++ [pid 5197] +++ killed by SIGBUS +++ [pid 5195] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5195, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x55555720b690) = 5198 [pid 5198] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5198] chdir("./44") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5198] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5199 attached => {parent_tid=[5199]}, 88) = 5199 [pid 5199] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5199] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] memfd_create("syzkaller", 0 [pid 5198] <... futex resumed>) = 1 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... memfd_create resumed>) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5199] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file0", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file0") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5199] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... open resumed>) = 4 [pid 5199] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [ 105.241540][ T5199] loop0: detected capacity change from 0 to 2048 [ 105.259991][ T5199] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 105.272352][ T5199] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5199] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... open resumed>) = 5 [pid 5199] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5199] ftruncate(5, 33587199 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... ftruncate resumed>) = 0 [pid 5199] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5198] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5198] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5199] <... mmap resumed>) = 0x20000000 [pid 5198] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5199] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5200 attached [pid 5200] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5200] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5198] <... clone3 resumed> => {parent_tid=[5200]}, 88) = 5200 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5200] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5200] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5198] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5198] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] read(6, [pid 5198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5198] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5198] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5200] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5199] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5198] <... futex resumed>) = ? [pid 5200] +++ killed by SIGBUS +++ [pid 5199] +++ killed by SIGBUS +++ [pid 5198] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5198, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55555720b690) = 5201 [pid 5201] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5201] chdir("./45") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5201] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5202 attached => {parent_tid=[5202]}, 88) = 5202 [pid 5202] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] <... rseq resumed>) = 0 [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5202] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file0", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file0") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5201] <... futex resumed>) = 0 [ 105.939529][ T5202] loop0: detected capacity change from 0 to 2048 [ 105.960515][ T5202] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 105.973386][ T5202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 4 [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 5 [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 0 [pid 5202] ftruncate(5, 33587199) = 0 [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5201] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] <... mmap resumed>) = 0x20000000 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5203 attached [pid 5202] <... futex resumed>) = 0 [pid 5203] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5202] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] set_robust_list(0x7f50e61579a0, 24 [pid 5201] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5203] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] read(6, [pid 5201] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5201] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5202] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5202] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5201] <... futex resumed>) = ? [pid 5202] +++ killed by SIGBUS +++ [pid 5203] +++ killed by SIGBUS +++ [pid 5201] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5201, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x55555720b690) = 5204 [pid 5204] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5204] chdir("./46") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5204] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5204] <... clone3 resumed> => {parent_tid=[5205]}, 88) = 5205 [pid 5205] <... rseq resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] set_robust_list(0x7f50e61789a0, 24 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] <... set_robust_list resumed>) = 0 [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5205] memfd_create("syzkaller", 0 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] <... memfd_create resumed>) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5205] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file0", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file0") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 4 [pid 5205] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 5 [ 106.636080][ T5205] loop0: detected capacity change from 0 to 2048 [ 106.651402][ T5205] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 106.663450][ T5205] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5205] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] ftruncate(5, 33587199 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... ftruncate resumed>) = 0 [pid 5205] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5204] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5204] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5206] set_robust_list(0x7f50e61579a0, 24 [pid 5205] <... mmap resumed>) = 0x20000000 [pid 5204] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5205] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... openat resumed>) = 6 [pid 5206] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5205] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5205] read(6, [pid 5204] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5204] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5204] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5205] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5204] <... futex resumed>) = ? [pid 5205] +++ killed by SIGBUS +++ [pid 5206] +++ killed by SIGBUS +++ [pid 5204] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5204, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x55555720b690) = 5207 [pid 5207] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5207] chdir("./47") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5207] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5208 attached [pid 5208] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5207] <... clone3 resumed> => {parent_tid=[5208]}, 88) = 5208 [pid 5208] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] memfd_create("syzkaller", 0 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] <... memfd_create resumed>) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5208] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file0", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file0") = 0 [ 107.475910][ T5208] loop0: detected capacity change from 0 to 2048 [ 107.502156][ T5208] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 107.514319][ T5208] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 4 [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5207] <... futex resumed>) = 0 [pid 5208] <... open resumed>) = 5 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] ftruncate(5, 33587199) = 0 [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5207] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5207] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5207] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5208] <... mmap resumed>) = 0x20000000 [pid 5207] <... mprotect resumed>) = 0 [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5208] <... futex resumed>) = 0 [pid 5207] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5209 attached [pid 5208] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... clone3 resumed> => {parent_tid=[5209]}, 88) = 5209 [pid 5209] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... rseq resumed>) = 0 [pid 5209] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5209] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5207] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 1 [pid 5208] read(6, [pid 5207] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5207] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 1 [pid 5207] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5208] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5208] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5208] +++ killed by SIGBUS +++ [pid 5207] <... futex resumed>) = ? [pid 5209] +++ killed by SIGBUS +++ [pid 5207] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5207, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5210 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5210] chdir("./48") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5210] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5211 attached => {parent_tid=[5211]}, 88) = 5211 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5210] <... futex resumed>) = 0 [pid 5211] <... rseq resumed>) = 0 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5211] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5211] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./file0", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file0") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... open resumed>) = 4 [ 108.194274][ T5211] loop0: detected capacity change from 0 to 2048 [ 108.210515][ T5211] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 108.222985][ T5211] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5211] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... open resumed>) = 5 [pid 5211] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5211] ftruncate(5, 33587199 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... ftruncate resumed>) = 0 [pid 5211] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5211] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5210] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5210] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] <... mmap resumed>) = 0x20000000 [pid 5210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5211] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5212 attached [pid 5212] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5210] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5212] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5212] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 0 [pid 5211] read(6, [pid 5210] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5210] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5210] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5211] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5211] ???( [pid 5210] <... futex resumed>) = ? [pid 5211] <... ??? resumed>) = ? [pid 5211] +++ killed by SIGBUS +++ [pid 5212] +++ killed by SIGBUS +++ [pid 5210] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5210, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x55555720b690) = 5213 [pid 5213] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5213] chdir("./49") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5213] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5214 attached => {parent_tid=[5214]}, 88) = 5214 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] <... rseq resumed>) = 0 [pid 5214] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] memfd_create("syzkaller", 0 [pid 5213] <... futex resumed>) = 1 [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] <... memfd_create resumed>) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5214] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file0", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file0") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5214] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... open resumed>) = 5 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] <... futex resumed>) = 0 [pid 5214] ftruncate(5, 33587199 [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... ftruncate resumed>) = 0 [ 108.975430][ T5214] loop0: detected capacity change from 0 to 2048 [ 108.990056][ T5214] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 109.002396][ T5214] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5214] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5214] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5213] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5213] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] <... mmap resumed>) = 0x20000000 [pid 5213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5215 attached [pid 5214] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5213] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] <... rseq resumed>) = 0 [pid 5215] set_robust_list(0x7f50e61579a0, 24 [pid 5213] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... set_robust_list resumed>) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5215] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5215] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5213] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] read(6, [pid 5213] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5213] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5213] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5214] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5214] +++ killed by SIGBUS +++ [pid 5213] <... futex resumed>) = ? [pid 5215] +++ killed by SIGBUS +++ [pid 5213] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5213, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x55555720b690) = 5216 [pid 5216] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5216] chdir("./50") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5216] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5217 attached => {parent_tid=[5217]}, 88) = 5217 [pid 5217] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5217] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5217] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./file0", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file0") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.673569][ T5217] loop0: detected capacity change from 0 to 2048 [ 109.689476][ T5217] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 109.701466][ T5217] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... open resumed>) = 4 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5216] <... futex resumed>) = 0 [pid 5217] <... open resumed>) = 5 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5217] ftruncate(5, 33587199 [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... ftruncate resumed>) = 0 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5216] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5216] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5217] <... mmap resumed>) = 0x20000000 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5217] <... futex resumed>) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5217] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5219 attached [pid 5216] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5216] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... rseq resumed>) = 0 [pid 5219] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] <... futex resumed>) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5219] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5219] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5217] read(6, [pid 5216] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5216] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5216] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5217] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5217] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5216] <... futex resumed>) = ? [pid 5219] +++ killed by SIGBUS +++ [pid 5217] +++ killed by SIGBUS +++ [pid 5216] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5216, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x55555720b690) = 5222 [pid 5222] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5222] chdir("./51") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5222] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5222] <... clone3 resumed> => {parent_tid=[5223]}, 88) = 5223 [pid 5223] <... rseq resumed>) = 0 [pid 5223] set_robust_list(0x7f50e61789a0, 24 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] memfd_create("syzkaller", 0 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5223] <... memfd_create resumed>) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5223] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] mkdir("./file0", 0777) = 0 [pid 5223] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./file0") = 0 [pid 5223] ioctl(4, LOOP_CLR_FD) = 0 [pid 5223] close(4) = 0 [ 110.478854][ T5223] loop0: detected capacity change from 0 to 2048 [ 110.505828][ T5223] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 110.517739][ T5223] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5223] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5223] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... open resumed>) = 5 [pid 5223] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] ftruncate(5, 33587199 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... ftruncate resumed>) = 0 [pid 5223] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5222] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5223] <... mmap resumed>) = 0x20000000 [pid 5222] <... mmap resumed>) = 0x7f50e6137000 [pid 5223] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5223] <... futex resumed>) = 0 [pid 5222] <... mprotect resumed>) = 0 [pid 5223] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5224 attached [pid 5224] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5222] <... clone3 resumed> => {parent_tid=[5224]}, 88) = 5224 [pid 5224] set_robust_list(0x7f50e61579a0, 24 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] <... set_robust_list resumed>) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5222] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5224] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5224] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5223] read(6, [pid 5222] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5222] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 0 [pid 5224] memfd_create("syzkaller", 0) = 7 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5224] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5224] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5224] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5224] ioctl(8, LOOP_CLR_FD) = 0 [pid 5224] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5224] close(8) = 0 [pid 5224] close(7) = 0 [pid 5224] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] exit_group(0) = ? [pid 5224] <... futex resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5223] <... read resumed> ) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=53 /* 0.53 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 111.454863][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.454863][ T2805] loop0: rw=1, sector=2053, nr_sectors = 1 limit=2048 [ 111.468788][ T2805] Buffer I/O error on dev loop0, logical block 2053, lost async page write [ 111.478099][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.478099][ T2805] loop0: rw=1, sector=2054, nr_sectors = 1 limit=2048 [ 111.491820][ T2805] Buffer I/O error on dev loop0, logical block 2054, lost async page write [ 111.500429][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.500429][ T2805] loop0: rw=1, sector=2055, nr_sectors = 1 limit=2048 [ 111.514172][ T2805] Buffer I/O error on dev loop0, logical block 2055, lost async page write [ 111.522854][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.522854][ T2805] loop0: rw=1, sector=2064, nr_sectors = 1 limit=2048 [ 111.536451][ T2805] Buffer I/O error on dev loop0, logical block 2064, lost async page write [ 111.545201][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.545201][ T2805] loop0: rw=1, sector=2065, nr_sectors = 1 limit=2048 [ 111.558791][ T2805] Buffer I/O error on dev loop0, logical block 2065, lost async page write [ 111.567478][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.567478][ T2805] loop0: rw=1, sector=2066, nr_sectors = 1 limit=2048 [ 111.581110][ T2805] Buffer I/O error on dev loop0, logical block 2066, lost async page write [ 111.590744][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.590744][ T2805] loop0: rw=1, sector=2067, nr_sectors = 1 limit=2048 [ 111.604384][ T2805] Buffer I/O error on dev loop0, logical block 2067, lost async page write [ 111.613104][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.613104][ T2805] loop0: rw=1, sector=2076, nr_sectors = 8 limit=2048 [ 111.626901][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.626901][ T2805] loop0: rw=1, sector=2092, nr_sectors = 1 limit=2048 [ 111.640520][ T2805] Buffer I/O error on dev loop0, logical block 2092, lost async page write [ 111.649205][ T2805] kworker/u4:10: attempt to access beyond end of device [ 111.649205][ T2805] loop0: rw=1, sector=2101, nr_sectors = 1 limit=2048 [ 111.662813][ T2805] Buffer I/O error on dev loop0, logical block 2101, lost async page write [ 111.671489][ T2805] Buffer I/O error on dev loop0, logical block 2102, lost async page write umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5228 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5228] chdir("./52") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5228] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5229 attached [pid 5229] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5228] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5229] <... rseq resumed>) = 0 [pid 5229] set_robust_list(0x7f50e61789a0, 24 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... set_robust_list resumed>) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5229] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./file0", 0777) = 0 [pid 5229] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file0") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... open resumed>) = 4 [pid 5229] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 1 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5229] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 1 [pid 5228] <... futex resumed>) = 0 [ 111.960151][ T5229] loop0: detected capacity change from 0 to 2048 [ 111.975208][ T5229] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 111.987278][ T5229] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5229] ftruncate(5, 33587199 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... ftruncate resumed>) = 0 [pid 5229] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5228] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5229] <... mmap resumed>) = 0x20000000 [pid 5229] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] <... mprotect resumed>) = 0 [pid 5228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5230 attached [pid 5230] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5228] <... clone3 resumed> => {parent_tid=[5230]}, 88) = 5230 [pid 5230] <... rseq resumed>) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] set_robust_list(0x7f50e61579a0, 24 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] <... set_robust_list resumed>) = 0 [pid 5228] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] <... futex resumed>) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5230] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5230] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] read(6, [pid 5228] <... futex resumed>) = 1 [pid 5228] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5228] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5228] <... futex resumed>) = 1 [pid 5228] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5229] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5229] ???( [pid 5228] <... futex resumed>) = ? [pid 5229] <... ??? resumed>) = ? [pid 5229] +++ killed by SIGBUS +++ [pid 5230] +++ killed by SIGBUS +++ [pid 5228] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5228, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x55555720b690) = 5231 [pid 5231] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5231] chdir("./53") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5231] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5231] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] set_robust_list(0x7f50e61789a0, 24 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] <... set_robust_list resumed>) = 0 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] <... futex resumed>) = 0 [pid 5232] memfd_create("syzkaller", 0 [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] <... memfd_create resumed>) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5232] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file0", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file0") = 0 [pid 5232] ioctl(4, LOOP_CLR_FD) = 0 [pid 5232] close(4) = 0 [pid 5232] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... open resumed>) = 4 [pid 5232] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5232] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] <... futex resumed>) = 0 [pid 5232] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... open resumed>) = 5 [pid 5232] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [ 112.739328][ T5232] loop0: detected capacity change from 0 to 2048 [ 112.750487][ T5232] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 112.762876][ T5232] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5232] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] ftruncate(5, 33587199 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... ftruncate resumed>) = 0 [pid 5232] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5231] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5231] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5232] <... mmap resumed>) = 0x20000000 [pid 5231] <... mprotect resumed>) = 0 [pid 5231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5232] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5232] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5233 attached [pid 5233] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5233] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5231] <... clone3 resumed> => {parent_tid=[5233]}, 88) = 5233 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5233] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5233] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5233] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] read(6, [pid 5231] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5231] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [pid 5233] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5232] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5231] <... futex resumed>) = ? [pid 5233] +++ killed by SIGBUS +++ [pid 5232] +++ killed by SIGBUS +++ [pid 5231] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5231, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x55555720b690) = 5234 [pid 5234] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5234] chdir("./54") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5234] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5235 attached [pid 5235] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5234] <... clone3 resumed> => {parent_tid=[5235]}, 88) = 5235 [pid 5235] set_robust_list(0x7f50e61789a0, 24 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] <... set_robust_list resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] memfd_create("syzkaller", 0 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5235] <... memfd_create resumed>) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5235] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] mkdir("./file0", 0777) = 0 [pid 5235] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./file0") = 0 [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [ 113.531260][ T5235] loop0: detected capacity change from 0 to 2048 [ 113.560109][ T5235] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 113.572493][ T5235] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... open resumed>) = 4 [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5235] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5234] <... futex resumed>) = 1 [pid 5235] <... open resumed>) = 5 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] ftruncate(5, 33587199 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... ftruncate resumed>) = 0 [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5234] <... futex resumed>) = 1 [pid 5235] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5234] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5234] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] <... mmap resumed>) = 0x20000000 [pid 5234] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5236 attached [pid 5236] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5236] set_robust_list(0x7f50e61579a0, 24 [pid 5234] <... clone3 resumed> => {parent_tid=[5236]}, 88) = 5236 [pid 5236] <... set_robust_list resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5236] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5236] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] read(6, [pid 5234] <... futex resumed>) = 1 [pid 5234] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5234] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5234] <... futex resumed>) = 1 [pid 5234] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5235] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5235] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5234] <... futex resumed>) = ? [pid 5236] +++ killed by SIGBUS +++ [pid 5235] +++ killed by SIGBUS +++ [pid 5234] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5234, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x55555720b690) = 5237 [pid 5237] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5237] chdir("./55") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5237] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5238 attached => {parent_tid=[5238]}, 88) = 5238 [pid 5238] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] set_robust_list(0x7f50e61789a0, 24 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] <... futex resumed>) = 0 [pid 5238] memfd_create("syzkaller", 0 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] <... memfd_create resumed>) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5238] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file0", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file0") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.279432][ T5238] loop0: detected capacity change from 0 to 2048 [ 114.304639][ T5238] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 114.316564][ T5238] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5238] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5238] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... open resumed>) = 5 [pid 5238] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5238] ftruncate(5, 33587199 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... ftruncate resumed>) = 0 [pid 5238] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5237] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5237] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] <... mmap resumed>) = 0x20000000 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5238] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5239 attached [pid 5239] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5237] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] set_robust_list(0x7f50e61579a0, 24 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... set_robust_list resumed>) = 0 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5237] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5239] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5237] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... futex resumed>) = 1 [pid 5237] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 0 [pid 5238] read(6, [pid 5237] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5237] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5237] <... futex resumed>) = 1 [pid 5237] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5238] <... read resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5239] +++ killed by SIGBUS +++ [pid 5238] +++ killed by SIGBUS +++ [pid 5237] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5237, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x55555720b690) = 5240 [pid 5240] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5240] chdir("./56") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5240] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5240] <... clone3 resumed> => {parent_tid=[5241]}, 88) = 5241 [pid 5241] <... rseq resumed>) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] set_robust_list(0x7f50e61789a0, 24 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] <... set_robust_list resumed>) = 0 [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... futex resumed>) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5241] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] mkdir("./file0", 0777) = 0 [pid 5241] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file0") = 0 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... open resumed>) = 4 [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... open resumed>) = 5 [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5241] ftruncate(5, 33587199 [ 114.913353][ T5241] loop0: detected capacity change from 0 to 2048 [ 114.940977][ T5241] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 114.952997][ T5241] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... ftruncate resumed>) = 0 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] <... futex resumed>) = 0 [pid 5241] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5240] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5240] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5241] <... mmap resumed>) = 0x20000000 [pid 5240] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5242 attached [pid 5241] <... futex resumed>) = 0 [pid 5240] <... clone3 resumed> => {parent_tid=[5242]}, 88) = 5242 [pid 5242] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5241] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] <... rseq resumed>) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] set_robust_list(0x7f50e61579a0, 24 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] <... set_robust_list resumed>) = 0 [pid 5240] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... futex resumed>) = 0 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5242] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5241] read(6, [pid 5240] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5240] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5240] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5241] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5241] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5240] <... futex resumed>) = ? [pid 5242] +++ killed by SIGBUS +++ [pid 5241] +++ killed by SIGBUS +++ [pid 5240] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5240, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached , child_tidptr=0x55555720b690) = 5243 [pid 5243] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5243] chdir("./57") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5243] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5244 attached [pid 5244] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5243] <... clone3 resumed> => {parent_tid=[5244]}, 88) = 5244 [pid 5244] set_robust_list(0x7f50e61789a0, 24 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] <... set_robust_list resumed>) = 0 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5244] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file0", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file0") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5243] <... futex resumed>) = 0 [ 115.605111][ T5244] loop0: detected capacity change from 0 to 2048 [ 115.621274][ T5244] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 115.633622][ T5244] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... open resumed>) = 4 [pid 5244] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5244] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 1 [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] ftruncate(5, 33587199) = 0 [pid 5244] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5244] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5243] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5243] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] <... mmap resumed>) = 0x20000000 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5244] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5244] <... futex resumed>) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5244] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5245 attached [pid 5245] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5245] set_robust_list(0x7f50e61579a0, 24 [pid 5243] <... clone3 resumed> => {parent_tid=[5245]}, 88) = 5245 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5243] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5243] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5245] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5245] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] read(6, [pid 5243] <... futex resumed>) = 1 [pid 5243] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5243] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5243] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5244] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5244] +++ killed by SIGBUS +++ [pid 5243] <... futex resumed>) = ? [pid 5245] +++ killed by SIGBUS +++ [pid 5243] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5243, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5246 attached , child_tidptr=0x55555720b690) = 5246 [pid 5246] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5246] chdir("./58") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5246] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5247 attached [pid 5247] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5246] <... clone3 resumed> => {parent_tid=[5247]}, 88) = 5247 [pid 5247] set_robust_list(0x7f50e61789a0, 24 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... set_robust_list resumed>) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] memfd_create("syzkaller", 0 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] <... memfd_create resumed>) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5247] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] mkdir("./file0", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file0") = 0 [pid 5247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5247] close(4) = 0 [pid 5247] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] <... open resumed>) = 4 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 116.392500][ T5247] loop0: detected capacity change from 0 to 2048 [ 116.419417][ T5247] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 116.431682][ T5247] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5247] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5247] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 1 [pid 5247] ftruncate(5, 33587199) = 0 [pid 5247] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 1 [pid 5247] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5246] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5246] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5246] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5246] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] <... rseq resumed>) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... mmap resumed>) = 0x20000000 [pid 5248] set_robust_list(0x7f50e61579a0, 24 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] <... set_robust_list resumed>) = 0 [pid 5246] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... futex resumed>) = 0 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5247] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... openat resumed>) = 6 [pid 5248] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] read(6, [pid 5246] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5246] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5246] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5247] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5246] <... futex resumed>) = ? [pid 5248] +++ killed by SIGBUS +++ [pid 5247] +++ killed by SIGBUS +++ [pid 5246] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5246, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x55555720b690) = 5249 [pid 5249] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5249] chdir("./59") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5249] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5249] <... clone3 resumed> => {parent_tid=[5250]}, 88) = 5250 [pid 5250] set_robust_list(0x7f50e61789a0, 24 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... set_robust_list resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] memfd_create("syzkaller", 0 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5250] <... memfd_create resumed>) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5250] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./file0", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file0") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5250] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 117.232190][ T5250] loop0: detected capacity change from 0 to 2048 [ 117.247884][ T5250] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 117.259967][ T5250] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5250] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] ftruncate(5, 33587199 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... ftruncate resumed>) = 0 [pid 5250] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5249] <... futex resumed>) = 1 [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5249] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5250] <... mmap resumed>) = 0x20000000 [pid 5250] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... mprotect resumed>) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5251 attached [pid 5251] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5251] set_robust_list(0x7f50e61579a0, 24 [pid 5249] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5251] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5249] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5250] read(6, [pid 5249] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5249] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5251] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5250] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5250] +++ killed by SIGBUS +++ [pid 5249] <... futex resumed>) = ? [pid 5251] +++ killed by SIGBUS +++ [pid 5249] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5249, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x55555720b690) = 5252 [pid 5252] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5252] chdir("./60") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5252] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5253 attached [pid 5253] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5252] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] set_robust_list(0x7f50e61789a0, 24 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] <... set_robust_list resumed>) = 0 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] memfd_create("syzkaller", 0 [pid 5252] <... futex resumed>) = 0 [pid 5253] <... memfd_create resumed>) = 3 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5253] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] mkdir("./file0", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./file0") = 0 [pid 5253] ioctl(4, LOOP_CLR_FD) = 0 [pid 5253] close(4) = 0 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... futex resumed>) = 0 [ 117.882287][ T5253] loop0: detected capacity change from 0 to 2048 [ 117.897880][ T5253] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 117.910146][ T5253] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5253] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... open resumed>) = 4 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] ftruncate(5, 33587199 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... ftruncate resumed>) = 0 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5252] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5252] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5254] set_robust_list(0x7f50e61579a0, 24 [pid 5252] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5253] <... mmap resumed>) = 0x20000000 [pid 5254] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5254] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] read(6, [pid 5252] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5252] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5252] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5253] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5253] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] <... futex resumed>) = ? [pid 5253] +++ killed by SIGBUS +++ [pid 5254] +++ killed by SIGBUS +++ [pid 5252] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5252, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached , child_tidptr=0x55555720b690) = 5255 [pid 5255] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5255] chdir("./61") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5255] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5255] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5256] <... rseq resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] set_robust_list(0x7f50e61789a0, 24 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] <... futex resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5256] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file0", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file0") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5256] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... open resumed>) = 4 [ 118.582819][ T5256] loop0: detected capacity change from 0 to 2048 [ 118.598768][ T5256] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 118.610422][ T5256] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] <... open resumed>) = 5 [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] ftruncate(5, 33587199) = 0 [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5255] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] <... mmap resumed>) = 0x20000000 [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... rseq resumed>) = 0 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] set_robust_list(0x7f50e61579a0, 24 [pid 5255] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5255] <... futex resumed>) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5257] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5257] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5256] read(6, [pid 5255] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5255] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5256] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5256] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5255] <... futex resumed>) = ? [pid 5257] +++ killed by SIGBUS +++ [pid 5256] +++ killed by SIGBUS +++ [pid 5255] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5255, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached , child_tidptr=0x55555720b690) = 5258 [pid 5258] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5258] chdir("./62") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5258] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5258] <... clone3 resumed> => {parent_tid=[5259]}, 88) = 5259 [pid 5259] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] memfd_create("syzkaller", 0 [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] <... memfd_create resumed>) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5259] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./file0", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./file0") = 0 [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 119.309424][ T5259] loop0: detected capacity change from 0 to 2048 [ 119.320026][ T5259] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 119.332123][ T5259] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... open resumed>) = 4 [pid 5259] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5258] <... futex resumed>) = 1 [pid 5259] <... open resumed>) = 5 [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] ftruncate(5, 33587199 [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... ftruncate resumed>) = 0 [pid 5259] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5259] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5258] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5258] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5259] <... mmap resumed>) = 0x20000000 [pid 5259] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5259] <... futex resumed>) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5259] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... clone3 resumed> => {parent_tid=[5260]}, 88) = 5260 ./strace-static-x86_64: Process 5260 attached [pid 5260] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... rseq resumed>) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] set_robust_list(0x7f50e61579a0, 24 [pid 5258] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5258] <... futex resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5260] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5260] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] read(6, [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5258] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5260] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5259] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5259] +++ killed by SIGBUS +++ [pid 5258] <... futex resumed>) = ? [pid 5260] +++ killed by SIGBUS +++ [pid 5258] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5258, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5261 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5261] chdir("./63") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5261] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5262] set_robust_list(0x7f50e61789a0, 24 [pid 5261] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] <... set_robust_list resumed>) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] memfd_create("syzkaller", 0 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] <... memfd_create resumed>) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5262] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] mkdir("./file0", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file0") = 0 [pid 5262] ioctl(4, LOOP_CLR_FD) = 0 [pid 5262] close(4) = 0 [pid 5262] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5261] <... futex resumed>) = 0 [ 120.106987][ T5262] loop0: detected capacity change from 0 to 2048 [ 120.125949][ T5262] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 120.137970][ T5262] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... open resumed>) = 4 [pid 5262] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5261] <... futex resumed>) = 0 [pid 5262] <... open resumed>) = 5 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] ftruncate(5, 33587199 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... ftruncate resumed>) = 0 [pid 5262] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5261] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5262] <... mmap resumed>) = 0x20000000 [pid 5261] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5262] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5263 attached [pid 5263] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5261] <... clone3 resumed> => {parent_tid=[5263]}, 88) = 5263 [pid 5263] <... rseq resumed>) = 0 [pid 5263] set_robust_list(0x7f50e61579a0, 24 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] <... set_robust_list resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5263] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5263] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] read(6, [pid 5261] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 1 [pid 5261] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5262] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5263] +++ killed by SIGBUS +++ [pid 5261] <... futex resumed>) = ? [pid 5262] +++ killed by SIGBUS +++ [pid 5261] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5261, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5264 [pid 5264] chdir("./64") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5264] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5265 attached [pid 5265] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5264] <... clone3 resumed> => {parent_tid=[5265]}, 88) = 5265 [pid 5265] set_robust_list(0x7f50e61789a0, 24 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] <... set_robust_list resumed>) = 0 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] memfd_create("syzkaller", 0 [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5265] <... memfd_create resumed>) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5265] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] mkdir("./file0", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5265] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./file0") = 0 [pid 5265] ioctl(4, LOOP_CLR_FD) = 0 [pid 5265] close(4) = 0 [pid 5265] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... open resumed>) = 4 [pid 5265] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... futex resumed>) = 0 [pid 5265] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... open resumed>) = 5 [pid 5265] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [ 120.943986][ T5265] loop0: detected capacity change from 0 to 2048 [ 120.959385][ T5265] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 120.971491][ T5265] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5265] ftruncate(5, 33587199 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... ftruncate resumed>) = 0 [pid 5265] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5265] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... futex resumed>) = 0 [pid 5265] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5264] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5264] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5266 attached [pid 5266] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5266] set_robust_list(0x7f50e61579a0, 24 [pid 5264] <... clone3 resumed> => {parent_tid=[5266]}, 88) = 5266 [pid 5266] <... set_robust_list resumed>) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5266] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5266] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] read(6, [pid 5264] <... futex resumed>) = 0 [pid 5264] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... mmap resumed>) = 0x20000000 [pid 5265] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5264] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5264] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5266] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5265] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5266] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5266] +++ killed by SIGBUS +++ [pid 5264] <... futex resumed>) = ? [pid 5265] +++ killed by SIGBUS +++ [pid 5264] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5264, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x55555720b690) = 5267 [pid 5267] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5267] chdir("./65") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5267] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5268] set_robust_list(0x7f50e61789a0, 24 [pid 5267] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... futex resumed>) = 0 [pid 5268] memfd_create("syzkaller", 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] <... memfd_create resumed>) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5268] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] mkdir("./file0", 0777) = 0 [pid 5268] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./file0") = 0 [pid 5268] ioctl(4, LOOP_CLR_FD) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... open resumed>) = 4 [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [ 121.539646][ T5268] loop0: detected capacity change from 0 to 2048 [ 121.556597][ T5268] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 121.568747][ T5268] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5268] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... futex resumed>) = 0 [pid 5268] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... open resumed>) = 5 [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] ftruncate(5, 33587199 [pid 5267] <... futex resumed>) = 0 [pid 5268] <... ftruncate resumed>) = 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5268] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... mmap resumed>) = 0x20000000 [pid 5267] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5268] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] read(6, [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5267] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5267] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] <... clone3 resumed> => {parent_tid=[5269]}, 88) = 5269 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] set_robust_list(0x7f50e61579a0, 24 [pid 5267] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006b000} --- [pid 5267] <... futex resumed>) = ? [pid 5268] <... read resumed> ) = ? [pid 5269] +++ killed by SIGBUS +++ [pid 5268] +++ killed by SIGBUS +++ [pid 5267] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5267, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5270 attached , child_tidptr=0x55555720b690) = 5270 [pid 5270] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5270] chdir("./66") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5270] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5271 attached [pid 5271] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5270] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] <... rseq resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5271] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5271] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] mkdir("./file0", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./file0") = 0 [pid 5271] ioctl(4, LOOP_CLR_FD) = 0 [pid 5271] close(4) = 0 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [ 122.163736][ T5271] loop0: detected capacity change from 0 to 2048 [ 122.191899][ T5271] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 122.203897][ T5271] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5271] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5271] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... open resumed>) = 4 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [pid 5271] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] ftruncate(5, 33587199 [pid 5270] <... futex resumed>) = 0 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... ftruncate resumed>) = 0 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5270] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5270] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5271] <... mmap resumed>) = 0x20000000 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5272 attached => {parent_tid=[5272]}, 88) = 5272 [pid 5272] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5272] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5270] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5272] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5272] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5271] read(6, [pid 5270] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5270] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5270] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5272] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5271] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5271] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5270] <... futex resumed>) = ? [pid 5272] +++ killed by SIGBUS +++ [pid 5271] +++ killed by SIGBUS +++ [pid 5270] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5270, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5273 [pid 5273] <... set_robust_list resumed>) = 0 [pid 5273] chdir("./67") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5273] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5274 attached => {parent_tid=[5274]}, 88) = 5274 [pid 5274] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] set_robust_list(0x7f50e61789a0, 24 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5274] <... set_robust_list resumed>) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5274] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] mkdir("./file0", 0777) = 0 [pid 5274] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file0") = 0 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 122.961637][ T5274] loop0: detected capacity change from 0 to 2048 [ 122.986274][ T5274] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 122.998440][ T5274] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5274] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... open resumed>) = 4 [pid 5274] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5274] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] ftruncate(5, 33587199) = 0 [pid 5274] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5273] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5275 attached => {parent_tid=[5275]}, 88) = 5275 [pid 5275] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... rseq resumed>) = 0 [pid 5275] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5275] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] read(6, [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5273] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5276 attached [pid 5276] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5274] <... mmap resumed>) = 0x20000000 [pid 5276] <... rseq resumed>) = 0 [pid 5273] <... clone3 resumed> => {parent_tid=[5276]}, 88) = 5276 [pid 5276] set_robust_list(0x7f50e61369a0, 24 [pid 5274] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] futex(0x7f50e62636e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 0 [pid 5276] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5275] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5274] <... futex resumed>) = ? [pid 5273] <... futex resumed>) = ? [pid 5276] +++ killed by SIGBUS +++ [pid 5275] +++ killed by SIGBUS +++ [pid 5274] +++ killed by SIGBUS +++ [pid 5273] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5273, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached , child_tidptr=0x55555720b690) = 5277 [pid 5277] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5277] chdir("./68") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5277] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5278] set_robust_list(0x7f50e61789a0, 24 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] <... set_robust_list resumed>) = 0 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] <... futex resumed>) = 0 [pid 5278] memfd_create("syzkaller", 0 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] <... memfd_create resumed>) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5278] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./file0", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file0") = 0 [pid 5278] ioctl(4, LOOP_CLR_FD) = 0 [pid 5278] close(4) = 0 [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 123.702579][ T5278] loop0: detected capacity change from 0 to 2048 [ 123.727957][ T5278] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 123.739625][ T5278] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5278] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 0 [pid 5278] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... open resumed>) = 5 [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] ftruncate(5, 33587199 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... ftruncate resumed>) = 0 [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5278] <... mmap resumed>) = 0x20000000 [pid 5277] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... mprotect resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5279 attached [pid 5279] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5279]}, 88) = 5279 [pid 5279] <... rseq resumed>) = 0 [pid 5279] set_robust_list(0x7f50e61579a0, 24 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] <... set_robust_list resumed>) = 0 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5279] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5279] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] read(6, [pid 5277] <... futex resumed>) = 1 [pid 5277] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5277] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5278] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5278] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5279] +++ killed by SIGBUS +++ [pid 5278] +++ killed by SIGBUS +++ [pid 5277] <... futex resumed>) = ? [pid 5277] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5277, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5280 attached , child_tidptr=0x55555720b690) = 5280 [pid 5280] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5280] chdir("./69") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5280] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5281 attached [pid 5281] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5281] set_robust_list(0x7f50e61789a0, 24 [pid 5280] <... clone3 resumed> => {parent_tid=[5281]}, 88) = 5281 [pid 5281] <... set_robust_list resumed>) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] memfd_create("syzkaller", 0 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5281] <... memfd_create resumed>) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5281] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file0", 0777) = 0 [pid 5281] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file0") = 0 [pid 5281] ioctl(4, LOOP_CLR_FD) = 0 [pid 5281] close(4) = 0 [pid 5281] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5281] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... open resumed>) = 4 [pid 5281] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5281] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5281] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5281] ftruncate(5, 33587199 [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... ftruncate resumed>) = 0 [pid 5281] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5281] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 124.461440][ T5281] loop0: detected capacity change from 0 to 2048 [ 124.487159][ T5281] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 124.499120][ T5281] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5280] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5280] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5281] <... mmap resumed>) = 0x20000000 [pid 5281] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5281] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5280] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... rseq resumed>) = 0 [pid 5280] <... futex resumed>) = 0 [pid 5282] set_robust_list(0x7f50e61579a0, 24 [pid 5280] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... set_robust_list resumed>) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5282] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5282] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5281] read(6, [pid 5280] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5280] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5280] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5281] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5281] ???() = ? [pid 5281] +++ killed by SIGBUS +++ [pid 5280] <... futex resumed>) = ? [pid 5282] +++ killed by SIGBUS +++ [pid 5280] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5280, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x55555720b690) = 5283 [pid 5283] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5283] chdir("./70") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5283] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5284 attached => {parent_tid=[5284]}, 88) = 5284 [pid 5284] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5284] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] memfd_create("syzkaller", 0 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] <... memfd_create resumed>) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5284] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./file0", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file0") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 125.166387][ T5284] loop0: detected capacity change from 0 to 2048 [ 125.192333][ T5284] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 125.204417][ T5284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5284] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... open resumed>) = 4 [pid 5284] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... open resumed>) = 5 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... futex resumed>) = 0 [pid 5284] ftruncate(5, 33587199) = 0 [pid 5284] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5283] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5284] <... mmap resumed>) = 0x20000000 [pid 5284] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... mmap resumed>) = 0x7f50e6137000 [pid 5283] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... mprotect resumed>) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5285 attached [pid 5285] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5285] set_robust_list(0x7f50e61579a0, 24 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] <... set_robust_list resumed>) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5285] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5283] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = 0 [pid 5284] read(6, [pid 5283] <... futex resumed>) = 1 [pid 5283] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5283] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5283] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5285] +++ killed by SIGBUS +++ [pid 5284] <... read resumed> ) = ? [pid 5283] <... futex resumed>) = ? [pid 5284] +++ killed by SIGBUS +++ [pid 5283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached , child_tidptr=0x55555720b690) = 5286 [pid 5286] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5286] chdir("./71") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5286] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5286] <... clone3 resumed> => {parent_tid=[5287]}, 88) = 5287 [pid 5287] <... rseq resumed>) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] set_robust_list(0x7f50e61789a0, 24 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] <... futex resumed>) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5287] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] mkdir("./file0", 0777) = 0 [pid 5287] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file0") = 0 [pid 5287] ioctl(4, LOOP_CLR_FD) = 0 [pid 5287] close(4) = 0 [ 125.870054][ T5287] loop0: detected capacity change from 0 to 2048 [ 125.898147][ T5287] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 125.909880][ T5287] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5287] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... open resumed>) = 4 [pid 5287] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5287] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5287] ftruncate(5, 33587199 [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... ftruncate resumed>) = 0 [pid 5287] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5286] <... futex resumed>) = 0 [pid 5287] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5286] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5286] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5287] <... mmap resumed>) = 0x20000000 [pid 5287] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5287] <... futex resumed>) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5287] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5288 attached [pid 5288] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5286] <... clone3 resumed> => {parent_tid=[5288]}, 88) = 5288 [pid 5288] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5288] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5288] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5287] read(6, [pid 5286] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5286] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 0 [pid 5288] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5287] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5286] <... futex resumed>) = ? [pid 5288] +++ killed by SIGBUS +++ [pid 5287] +++ killed by SIGBUS +++ [pid 5286] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5286, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5289 [pid 5289] <... set_robust_list resumed>) = 0 [pid 5289] chdir("./72") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5289] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5290 attached => {parent_tid=[5290]}, 88) = 5290 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5290] <... rseq resumed>) = 0 [pid 5290] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5290] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file0", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file0") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [ 126.658341][ T5290] loop0: detected capacity change from 0 to 2048 [ 126.675046][ T5290] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 126.687073][ T5290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5290] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5290] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... open resumed>) = 4 [pid 5290] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = 1 [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... open resumed>) = 5 [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] ftruncate(5, 33587199 [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... ftruncate resumed>) = 0 [pid 5290] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5290] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5289] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5289] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5290] <... mmap resumed>) = 0x20000000 [pid 5290] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5291 attached [pid 5291] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5289] <... clone3 resumed> => {parent_tid=[5291]}, 88) = 5291 [pid 5291] <... rseq resumed>) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5291] set_robust_list(0x7f50e61579a0, 24 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5291] <... set_robust_list resumed>) = 0 [pid 5289] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5291] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5291] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5290] read(6, [pid 5289] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5289] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5289] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5291] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5290] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5290] ???() = ? [pid 5290] +++ killed by SIGBUS +++ [pid 5289] <... futex resumed>) = ? [pid 5291] +++ killed by SIGBUS +++ [pid 5289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5292 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5292] chdir("./73") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5292] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5293 attached [pid 5293] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5293] set_robust_list(0x7f50e61789a0, 24 [pid 5292] <... clone3 resumed> => {parent_tid=[5293]}, 88) = 5293 [pid 5293] <... set_robust_list resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] <... futex resumed>) = 0 [pid 5293] memfd_create("syzkaller", 0 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] <... memfd_create resumed>) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5293] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./file0", 0777) = 0 [pid 5293] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file0") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [ 127.343091][ T5293] loop0: detected capacity change from 0 to 2048 [ 127.361403][ T5293] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 127.373523][ T5293] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5293] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... open resumed>) = 4 [pid 5293] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... open resumed>) = 5 [pid 5293] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] ftruncate(5, 33587199 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... ftruncate resumed>) = 0 [pid 5293] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5292] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5292] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] <... mmap resumed>) = 0x20000000 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5294 attached [pid 5293] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5292] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5294] <... rseq resumed>) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f50e61579a0, 24 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] <... futex resumed>) = 0 [pid 5292] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] <... futex resumed>) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5292] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 6 [pid 5294] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5294] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5293] read(6, [pid 5292] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5292] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5292] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5293] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5292] <... futex resumed>) = ? [pid 5294] +++ killed by SIGBUS +++ [pid 5293] +++ killed by SIGBUS +++ [pid 5292] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5292, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5295 attached , child_tidptr=0x55555720b690) = 5295 [pid 5295] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5295] chdir("./74") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5295] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5296 attached [pid 5296] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5295] <... clone3 resumed> => {parent_tid=[5296]}, 88) = 5296 [pid 5296] <... rseq resumed>) = 0 [pid 5296] set_robust_list(0x7f50e61789a0, 24 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] <... set_robust_list resumed>) = 0 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] memfd_create("syzkaller", 0 [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5296] <... memfd_create resumed>) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5296] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file0", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file0") = 0 [ 128.088941][ T5296] loop0: detected capacity change from 0 to 2048 [ 128.105487][ T5296] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 128.117995][ T5296] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5296] ioctl(4, LOOP_CLR_FD) = 0 [pid 5296] close(4) = 0 [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... open resumed>) = 4 [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5296] ftruncate(5, 33587199 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... ftruncate resumed>) = 0 [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] <... futex resumed>) = 0 [pid 5296] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5295] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5295] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5296] <... mmap resumed>) = 0x20000000 [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5296] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5297 attached [pid 5296] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5295] <... clone3 resumed> => {parent_tid=[5297]}, 88) = 5297 [pid 5297] <... rseq resumed>) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] set_robust_list(0x7f50e61579a0, 24 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] <... set_robust_list resumed>) = 0 [pid 5295] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] <... futex resumed>) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5297] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5296] read(6, [pid 5295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5295] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5295] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5296] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5296] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5295] <... futex resumed>) = ? [pid 5297] +++ killed by SIGBUS +++ [pid 5296] +++ killed by SIGBUS +++ [pid 5295] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5295, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x55555720b690) = 5298 [pid 5298] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5298] chdir("./75") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5298] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5299 attached [pid 5299] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5298] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] set_robust_list(0x7f50e61789a0, 24 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... set_robust_list resumed>) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] memfd_create("syzkaller", 0 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] <... memfd_create resumed>) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5299] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] mkdir("./file0", 0777) = 0 [pid 5299] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file0") = 0 [pid 5299] ioctl(4, LOOP_CLR_FD) = 0 [pid 5299] close(4) = 0 [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... open resumed>) = 4 [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... open resumed>) = 5 [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5299] ftruncate(5, 33587199 [ 128.750234][ T5299] loop0: detected capacity change from 0 to 2048 [ 128.761360][ T5299] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 128.773357][ T5299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... ftruncate resumed>) = 0 [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5299] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5298] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5298] <... clone3 resumed> => {parent_tid=[5300]}, 88) = 5300 [pid 5300] <... rseq resumed>) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] set_robust_list(0x7f50e61579a0, 24 [pid 5299] <... mmap resumed>) = 0x20000000 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... futex resumed>) = 0 [pid 5298] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5300] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5298] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5298] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] read(6, [pid 5298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5298] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5299] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5299] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5298] <... futex resumed>) = ? [pid 5300] +++ killed by SIGBUS +++ [pid 5299] +++ killed by SIGBUS +++ [pid 5298] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5298, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x55555720b690) = 5301 [pid 5301] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5301] chdir("./76") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5301] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5302 attached => {parent_tid=[5302]}, 88) = 5302 [pid 5302] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5302] memfd_create("syzkaller", 0 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5302] <... memfd_create resumed>) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5302] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] mkdir("./file0", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file0") = 0 [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... open resumed>) = 4 [pid 5302] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 129.476447][ T5302] loop0: detected capacity change from 0 to 2048 [ 129.493264][ T5302] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 129.505374][ T5302] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5302] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5302] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] ftruncate(5, 33587199) = 0 [pid 5302] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5301] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5301] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5302] <... mmap resumed>) = 0x20000000 [pid 5301] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5302] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5302] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5303 attached [pid 5302] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5301] <... clone3 resumed> => {parent_tid=[5303]}, 88) = 5303 [pid 5303] <... rseq resumed>) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] set_robust_list(0x7f50e61579a0, 24 [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] <... set_robust_list resumed>) = 0 [pid 5301] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5301] <... futex resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5303] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5301] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... futex resumed>) = 0 [pid 5301] <... futex resumed>) = 1 [pid 5302] read(6, [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5301] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5301] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5301] <... futex resumed>) = 1 [pid 5301] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5302] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5301] <... futex resumed>) = ? [pid 5302] +++ killed by SIGBUS +++ [pid 5303] +++ killed by SIGBUS +++ [pid 5301] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5304 attached , child_tidptr=0x55555720b690) = 5304 [pid 5304] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5304] chdir("./77") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5304] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5305 attached [pid 5305] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5304] <... clone3 resumed> => {parent_tid=[5305]}, 88) = 5305 [pid 5305] set_robust_list(0x7f50e61789a0, 24 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] <... set_robust_list resumed>) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] memfd_create("syzkaller", 0 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... memfd_create resumed>) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5305] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] mkdir("./file0", 0777) = 0 [pid 5305] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] chdir("./file0") = 0 [pid 5305] ioctl(4, LOOP_CLR_FD) = 0 [pid 5305] close(4) = 0 [ 130.150782][ T5305] loop0: detected capacity change from 0 to 2048 [ 130.178109][ T5305] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 130.189999][ T5305] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5305] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... open resumed>) = 4 [pid 5305] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... open resumed>) = 5 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] ftruncate(5, 33587199) = 0 [pid 5305] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5304] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5304] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] <... mmap resumed>) = 0x20000000 [pid 5305] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5305] <... futex resumed>) = 0 [pid 5304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5305] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5306 attached [pid 5306] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5304] <... clone3 resumed> => {parent_tid=[5306]}, 88) = 5306 [pid 5306] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5306] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5306] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] read(6, [pid 5304] <... futex resumed>) = 1 [pid 5304] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5304] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5304] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5305] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5304] <... futex resumed>) = ? [pid 5306] +++ killed by SIGBUS +++ [pid 5305] +++ killed by SIGBUS +++ [pid 5304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5307 attached , child_tidptr=0x55555720b690) = 5307 [pid 5307] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5307] chdir("./78") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5307] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5307] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5308 attached => {parent_tid=[5308]}, 88) = 5308 [pid 5308] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5308] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5308] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] memfd_create("syzkaller", 0 [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] <... memfd_create resumed>) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5308] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] mkdir("./file0", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file0") = 0 [pid 5308] ioctl(4, LOOP_CLR_FD) = 0 [ 130.876144][ T5308] loop0: detected capacity change from 0 to 2048 [ 130.901676][ T5308] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 130.913813][ T5308] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5308] close(4) = 0 [pid 5308] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... open resumed>) = 4 [pid 5308] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5308] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] ftruncate(5, 33587199 [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... ftruncate resumed>) = 0 [pid 5308] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5307] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5307] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5308] <... mmap resumed>) = 0x20000000 [pid 5307] <... mprotect resumed>) = 0 [pid 5308] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5308] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5309 attached => {parent_tid=[5309]}, 88) = 5309 [pid 5309] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5307] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... rseq resumed>) = 0 [pid 5309] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5309] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] read(6, [pid 5307] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5307] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5307] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5307] <... futex resumed>) = ? [pid 5308] <... read resumed> ) = ? [pid 5309] +++ killed by SIGBUS +++ [pid 5308] +++ killed by SIGBUS +++ [pid 5307] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5307, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5310 attached , child_tidptr=0x55555720b690) = 5310 [pid 5310] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5310] chdir("./79") = 0 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5310] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5310] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5311 attached [pid 5311] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5310] <... clone3 resumed> => {parent_tid=[5311]}, 88) = 5311 [pid 5311] <... rseq resumed>) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], [pid 5311] set_robust_list(0x7f50e61789a0, 24 [pid 5310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] <... set_robust_list resumed>) = 0 [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5310] <... futex resumed>) = 0 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] memfd_create("syzkaller", 0 [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5311] <... memfd_create resumed>) = 3 [pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5311] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5311] close(3) = 0 [pid 5311] mkdir("./file0", 0777) = 0 [pid 5311] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5311] chdir("./file0") = 0 [pid 5311] ioctl(4, LOOP_CLR_FD) = 0 [pid 5311] close(4) = 0 [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5311] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... open resumed>) = 4 [pid 5310] <... futex resumed>) = 0 [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5310] <... futex resumed>) = 0 [pid 5311] <... open resumed>) = 5 [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5311] ftruncate(5, 33587199 [ 131.673584][ T5311] loop0: detected capacity change from 0 to 2048 [ 131.687938][ T5311] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 131.700046][ T5311] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... ftruncate resumed>) = 0 [pid 5310] <... futex resumed>) = 0 [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] <... futex resumed>) = 0 [pid 5311] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5310] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5310] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5311] <... mmap resumed>) = 0x20000000 [pid 5310] <... mprotect resumed>) = 0 [pid 5310] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5311] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5312] set_robust_list(0x7f50e61579a0, 24 [pid 5310] <... clone3 resumed> => {parent_tid=[5312]}, 88) = 5312 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], [pid 5310] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5310] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5310] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... openat resumed>) = 6 [pid 5312] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5312] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5311] read(6, [pid 5310] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5310] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5310] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5311] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5311] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = ? [pid 5312] +++ killed by SIGBUS +++ [pid 5311] <... futex resumed>) = ? [pid 5311] +++ killed by SIGBUS +++ [pid 5310] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5313 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5313] chdir("./80") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5313] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5313] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] <... rseq resumed>) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] set_robust_list(0x7f50e61789a0, 24 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5314] memfd_create("syzkaller", 0 [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] <... memfd_create resumed>) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5314] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file0", 0777) = 0 [ 132.421025][ T5314] loop0: detected capacity change from 0 to 2048 [ 132.451028][ T5314] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5314] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file0") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5313] <... futex resumed>) = 0 [ 132.463086][ T5314] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... open resumed>) = 4 [pid 5314] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5314] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... open resumed>) = 5 [pid 5314] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] ftruncate(5, 33587199 [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... ftruncate resumed>) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5314] <... mmap resumed>) = 0x20000000 [pid 5314] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... mprotect resumed>) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5315 attached [pid 5315] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5315] set_robust_list(0x7f50e61579a0, 24 [pid 5313] <... clone3 resumed> => {parent_tid=[5315]}, 88) = 5315 [pid 5315] <... set_robust_list resumed>) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5313] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... openat resumed>) = 6 [pid 5315] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5313] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5314] read(6, [pid 5313] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5314] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5313] <... futex resumed>) = ? [pid 5315] +++ killed by SIGBUS +++ [pid 5314] +++ killed by SIGBUS +++ [pid 5313] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5313, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5316 attached , child_tidptr=0x55555720b690) = 5316 [pid 5316] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5316] chdir("./81") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5316] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5317 attached [pid 5317] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5316] <... clone3 resumed> => {parent_tid=[5317]}, 88) = 5317 [pid 5317] <... rseq resumed>) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] set_robust_list(0x7f50e61789a0, 24 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] <... futex resumed>) = 0 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] memfd_create("syzkaller", 0 [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5317] <... memfd_create resumed>) = 3 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5317] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5317] close(3) = 0 [pid 5317] mkdir("./file0", 0777) = 0 [ 133.233087][ T5317] loop0: detected capacity change from 0 to 2048 [ 133.264020][ T5317] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5317] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5317] chdir("./file0") = 0 [pid 5317] ioctl(4, LOOP_CLR_FD) = 0 [pid 5317] close(4) = 0 [pid 5317] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5316] <... futex resumed>) = 0 [ 133.276141][ T5317] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... open resumed>) = 4 [pid 5317] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5316] <... futex resumed>) = 0 [pid 5317] <... open resumed>) = 5 [pid 5317] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] ftruncate(5, 33587199) = 0 [pid 5317] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5316] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5317] <... mmap resumed>) = 0x20000000 [pid 5316] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5317] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... mprotect resumed>) = 0 [pid 5316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5318 attached [pid 5318] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5316] <... clone3 resumed> => {parent_tid=[5318]}, 88) = 5318 [pid 5318] set_robust_list(0x7f50e61579a0, 24 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... set_robust_list resumed>) = 0 [pid 5316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5316] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5318] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5318] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5317] read(6, [pid 5316] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5316] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5316] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006d000} --- [pid 5317] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 5316] <... futex resumed>) = ? [pid 5318] +++ killed by SIGBUS +++ [pid 5317] +++ killed by SIGBUS +++ [pid 5316] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5316, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x55555720b690) = 5319 [pid 5319] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5319] chdir("./82") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5319] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5320] set_robust_list(0x7f50e61789a0, 24 [pid 5319] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] <... set_robust_list resumed>) = 0 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] memfd_create("syzkaller", 0 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] <... memfd_create resumed>) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5320] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file0", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file0") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... open resumed>) = 4 [pid 5320] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [ 133.913580][ T5320] loop0: detected capacity change from 0 to 2048 [ 133.927713][ T5320] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 133.939948][ T5320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... open resumed>) = 5 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] ftruncate(5, 33587199 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... ftruncate resumed>) = 0 [pid 5320] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5319] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5319] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5320] <... mmap resumed>) = 0x20000000 [pid 5320] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5320] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5321 attached [pid 5320] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5319] <... clone3 resumed> => {parent_tid=[5321]}, 88) = 5321 [pid 5321] <... rseq resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5321] set_robust_list(0x7f50e61579a0, 24 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5321] <... set_robust_list resumed>) = 0 [pid 5319] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... futex resumed>) = 0 [pid 5321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5321] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5319] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5320] read(6, [pid 5319] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5319] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5319] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5320] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5321] +++ killed by SIGBUS +++ [pid 5319] <... futex resumed>) = ? [pid 5320] +++ killed by SIGBUS +++ [pid 5319] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5319, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5322 attached , child_tidptr=0x55555720b690) = 5322 [pid 5322] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5322] chdir("./83") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5322] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5323] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] <... clone3 resumed> => {parent_tid=[5323]}, 88) = 5323 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5323] memfd_create("syzkaller", 0) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5323] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5323] close(3) = 0 [pid 5323] mkdir("./file0", 0777) = 0 [pid 5323] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5323] chdir("./file0") = 0 [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [pid 5323] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5323] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... open resumed>) = 4 [pid 5323] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... open resumed>) = 5 [pid 5323] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... futex resumed>) = 1 [pid 5323] ftruncate(5, 33587199) = 0 [ 134.589362][ T5323] loop0: detected capacity change from 0 to 2048 [ 134.600020][ T5323] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 134.612109][ T5323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5323] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5322] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5322] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5322] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] set_robust_list(0x7f50e61579a0, 24 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... set_robust_list resumed>) = 0 [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] <... mmap resumed>) = 0x20000000 [pid 5322] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5324] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] read(6, [pid 5322] <... futex resumed>) = 1 [pid 5322] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5322] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 0 [pid 5324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5323] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5322] <... futex resumed>) = ? [pid 5323] +++ killed by SIGBUS +++ [pid 5324] +++ killed by SIGBUS +++ [pid 5322] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5322, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached , child_tidptr=0x55555720b690) = 5325 [pid 5325] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5325] chdir("./84") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5325] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5326 attached [pid 5326] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5325] <... clone3 resumed> => {parent_tid=[5326]}, 88) = 5326 [pid 5326] set_robust_list(0x7f50e61789a0, 24 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] <... set_robust_list resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] memfd_create("syzkaller", 0 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5326] <... memfd_create resumed>) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5326] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5326] close(3) = 0 [pid 5326] mkdir("./file0", 0777) = 0 [pid 5326] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] chdir("./file0") = 0 [pid 5326] ioctl(4, LOOP_CLR_FD) = 0 [pid 5326] close(4) = 0 [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... open resumed>) = 4 [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... open resumed>) = 5 [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] ftruncate(5, 33587199 [ 135.279654][ T5326] loop0: detected capacity change from 0 to 2048 [ 135.290165][ T5326] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 135.302389][ T5326] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] <... ftruncate resumed>) = 0 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5325] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5325] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5327 attached [pid 5326] <... mmap resumed>) = 0x20000000 [pid 5325] <... clone3 resumed> => {parent_tid=[5327]}, 88) = 5327 [pid 5327] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] <... rseq resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] set_robust_list(0x7f50e61579a0, 24 [pid 5326] <... futex resumed>) = 0 [pid 5325] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5327] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] read(6, [pid 5325] <... futex resumed>) = 1 [pid 5325] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5325] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5325] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006d000} --- [pid 5326] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 5326] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5327] +++ killed by SIGBUS +++ [pid 5326] +++ killed by SIGBUS +++ [pid 5325] <... futex resumed>) = ? [pid 5325] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5325, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5328 attached , child_tidptr=0x55555720b690) = 5328 [pid 5328] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5328] chdir("./85") = 0 [pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5328] setpgid(0, 0) = 0 [pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5328] write(3, "1000", 4) = 4 [pid 5328] close(3) = 0 [pid 5328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5328] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5329 attached [pid 5329] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5328] <... clone3 resumed> => {parent_tid=[5329]}, 88) = 5329 [pid 5329] set_robust_list(0x7f50e61789a0, 24 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] <... set_robust_list resumed>) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] memfd_create("syzkaller", 0 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5329] <... memfd_create resumed>) = 3 [pid 5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5329] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5329] close(3) = 0 [pid 5329] mkdir("./file0", 0777) = 0 [pid 5329] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5329] chdir("./file0") = 0 [pid 5329] ioctl(4, LOOP_CLR_FD) = 0 [pid 5329] close(4) = 0 [pid 5329] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... open resumed>) = 4 [pid 5329] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... futex resumed>) = 0 [ 135.943245][ T5329] loop0: detected capacity change from 0 to 2048 [ 135.959174][ T5329] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 135.971370][ T5329] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5329] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... futex resumed>) = 0 [pid 5328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] ftruncate(5, 33587199 [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... ftruncate resumed>) = 0 [pid 5329] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5329] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5328] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5328] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] <... mmap resumed>) = 0x20000000 [pid 5328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5329] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5330 attached [pid 5329] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5328] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5330] <... rseq resumed>) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] <... futex resumed>) = 0 [pid 5330] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5328] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... openat resumed>) = 6 [pid 5330] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5330] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5328] <... futex resumed>) = 1 [pid 5328] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] read(6, [pid 5328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5328] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 0 [pid 5330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5329] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5328] <... futex resumed>) = ? [pid 5330] +++ killed by SIGBUS +++ [pid 5329] +++ killed by SIGBUS +++ [pid 5328] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5328, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5331 attached , child_tidptr=0x55555720b690) = 5331 [pid 5331] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5331] chdir("./86") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5331] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5332 attached => {parent_tid=[5332]}, 88) = 5332 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5332] <... rseq resumed>) = 0 [pid 5332] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5332] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] mkdir("./file0", 0777) = 0 [pid 5332] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./file0") = 0 [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... open resumed>) = 4 [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5332] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] ftruncate(5, 33587199 [ 136.588057][ T5332] loop0: detected capacity change from 0 to 2048 [ 136.604056][ T5332] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 136.615861][ T5332] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... ftruncate resumed>) = 0 [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5331] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5331] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5332] <... mmap resumed>) = 0x20000000 [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... mprotect resumed>) = 0 [pid 5332] <... futex resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5332] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5333 attached [pid 5333] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5331] <... clone3 resumed> => {parent_tid=[5333]}, 88) = 5333 [pid 5333] <... rseq resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] set_robust_list(0x7f50e61579a0, 24 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5331] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] <... futex resumed>) = 0 [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5333] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5333] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5332] read(6, [pid 5331] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5331] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5331] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5332] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5332] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = ? [pid 5333] +++ killed by SIGBUS +++ [pid 5332] <... futex resumed>) = ? [pid 5332] +++ killed by SIGBUS +++ [pid 5331] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5331, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5334 attached , child_tidptr=0x55555720b690) = 5334 [pid 5334] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5334] chdir("./87") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5334] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5335 attached [pid 5335] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5334] <... clone3 resumed> => {parent_tid=[5335]}, 88) = 5335 [pid 5335] <... rseq resumed>) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5335] set_robust_list(0x7f50e61789a0, 24 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5335] <... set_robust_list resumed>) = 0 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] <... futex resumed>) = 0 [pid 5335] memfd_create("syzkaller", 0 [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5335] <... memfd_create resumed>) = 3 [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5335] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5335] close(3) = 0 [pid 5335] mkdir("./file0", 0777) = 0 [pid 5335] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5335] chdir("./file0") = 0 [pid 5335] ioctl(4, LOOP_CLR_FD) = 0 [pid 5335] close(4) = 0 [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... open resumed>) = 4 [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] ftruncate(5, 33587199 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... ftruncate resumed>) = 0 [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5334] <... futex resumed>) = 0 [ 137.286464][ T5335] loop0: detected capacity change from 0 to 2048 [ 137.302790][ T5335] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 137.314702][ T5335] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5334] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5334] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5336 attached [pid 5336] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5334] <... clone3 resumed> => {parent_tid=[5336]}, 88) = 5336 [pid 5336] <... rseq resumed>) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5336] set_robust_list(0x7f50e61579a0, 24 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5334] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] <... futex resumed>) = 0 [pid 5336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5335] <... mmap resumed>) = 0x20000000 [pid 5336] <... openat resumed>) = 6 [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5336] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] read(6, [pid 5334] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5334] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5334] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5335] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5335] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5334] <... futex resumed>) = ? [pid 5336] +++ killed by SIGBUS +++ [pid 5335] +++ killed by SIGBUS +++ [pid 5334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5337 attached , child_tidptr=0x55555720b690) = 5337 [pid 5337] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5337] chdir("./88") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5337] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5338 attached [pid 5338] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5337] <... clone3 resumed> => {parent_tid=[5338]}, 88) = 5338 [pid 5338] <... rseq resumed>) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5338] set_robust_list(0x7f50e61789a0, 24 [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5338] <... set_robust_list resumed>) = 0 [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] <... futex resumed>) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5338] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] mkdir("./file0", 0777) = 0 [pid 5338] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file0") = 0 [pid 5338] ioctl(4, LOOP_CLR_FD) = 0 [pid 5338] close(4) = 0 [pid 5338] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 138.034431][ T5338] loop0: detected capacity change from 0 to 2048 [ 138.055723][ T5338] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 138.067975][ T5338] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... open resumed>) = 4 [pid 5338] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5337] <... futex resumed>) = 0 [pid 5338] <... open resumed>) = 5 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] ftruncate(5, 33587199 [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... ftruncate resumed>) = 0 [pid 5338] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5337] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5339]}, 88) = 5339 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5339 attached [pid 5337] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5337] <... futex resumed>) = 0 [pid 5339] <... rseq resumed>) = 0 [pid 5337] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5339] <... openat resumed>) = 6 [pid 5337] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5337] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5339] <... futex resumed>) = 0 [pid 5338] <... mmap resumed>) = 0x20000000 [pid 5339] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0} => {parent_tid=[5340]}, 88) = 5340 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5340 attached [pid 5338] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053) = 0 [pid 5337] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] set_robust_list(0x7f50e61369a0, 24 [pid 5337] <... futex resumed>) = 0 [pid 5340] <... set_robust_list resumed>) = 0 [pid 5337] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] read(6, [pid 5337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5337] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5339] <... futex resumed>) = ? [pid 5337] <... futex resumed>) = ? [pid 5340] +++ killed by SIGBUS +++ [pid 5339] +++ killed by SIGBUS +++ [pid 5338] +++ killed by SIGBUS +++ [pid 5337] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x55555720b690) = 5341 [pid 5341] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5341] chdir("./89") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5341] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5341] <... clone3 resumed> => {parent_tid=[5342]}, 88) = 5342 [pid 5342] <... rseq resumed>) = 0 [pid 5342] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] memfd_create("syzkaller", 0 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] <... memfd_create resumed>) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5342] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file0", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file0") = 0 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... open resumed>) = 4 [pid 5342] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] ftruncate(5, 33587199 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... ftruncate resumed>) = 0 [pid 5342] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5341] <... futex resumed>) = 0 [ 138.785216][ T5342] loop0: detected capacity change from 0 to 2048 [ 138.800137][ T5342] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 138.812165][ T5342] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5341] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5341] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5343 attached [pid 5342] <... mmap resumed>) = 0x20000000 [pid 5343] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5341] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5342] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... rseq resumed>) = 0 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] set_robust_list(0x7f50e61579a0, 24 [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5343] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5343] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] read(6, [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5341] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5341] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5341] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5342] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5342] +++ killed by SIGBUS +++ [pid 5343] +++ killed by SIGBUS +++ [pid 5341] <... futex resumed>) = ? [pid 5341] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5341, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5344 [pid 5344] <... set_robust_list resumed>) = 0 [pid 5344] chdir("./90") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5344] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5345 attached => {parent_tid=[5345]}, 88) = 5345 [pid 5345] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5345] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5345] memfd_create("syzkaller", 0 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] <... memfd_create resumed>) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5345] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file0", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file0") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5344] <... futex resumed>) = 0 [ 139.477865][ T5345] loop0: detected capacity change from 0 to 2048 [ 139.488330][ T5345] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 139.500056][ T5345] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... open resumed>) = 4 [pid 5345] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... open resumed>) = 5 [pid 5345] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] ftruncate(5, 33587199 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... ftruncate resumed>) = 0 [pid 5345] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5344] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5344] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5346 attached [pid 5345] <... mmap resumed>) = 0x20000000 [pid 5346] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5345] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... rseq resumed>) = 0 [pid 5345] <... futex resumed>) = 0 [pid 5346] set_robust_list(0x7f50e61579a0, 24 [pid 5345] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... set_robust_list resumed>) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5344] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5346] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5345] read(6, [pid 5344] <... futex resumed>) = 1 [pid 5344] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5344] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5344] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5346] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5345] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5344] <... futex resumed>) = ? [pid 5346] +++ killed by SIGBUS +++ [pid 5345] +++ killed by SIGBUS +++ [pid 5344] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5344, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached , child_tidptr=0x55555720b690) = 5347 [pid 5347] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5347] chdir("./91") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5347] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5348 attached [pid 5348] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5347] <... clone3 resumed> => {parent_tid=[5348]}, 88) = 5348 [pid 5348] <... rseq resumed>) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] set_robust_list(0x7f50e61789a0, 24 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] <... set_robust_list resumed>) = 0 [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] <... futex resumed>) = 0 [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5348] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file0") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5348] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 140.199310][ T5348] loop0: detected capacity change from 0 to 2048 [ 140.215439][ T5348] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 140.227636][ T5348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... open resumed>) = 4 [pid 5348] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 1 [pid 5348] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5348] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5348] ftruncate(5, 33587199 [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... ftruncate resumed>) = 0 [pid 5348] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5348] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5347] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5347] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5348] <... mmap resumed>) = 0x20000000 [pid 5347] <... mprotect resumed>) = 0 [pid 5348] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5348] <... futex resumed>) = 0 [pid 5347] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5348] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5347] <... clone3 resumed> => {parent_tid=[5349]}, 88) = 5349 [pid 5349] <... rseq resumed>) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] set_robust_list(0x7f50e61579a0, 24 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] <... set_robust_list resumed>) = 0 [pid 5347] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5349] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5349] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5348] read(6, [pid 5347] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5347] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5347] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5348] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5347] <... futex resumed>) = ? [pid 5349] +++ killed by SIGBUS +++ [pid 5348] +++ killed by SIGBUS +++ [pid 5347] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5347, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x55555720b690) = 5350 [pid 5350] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5350] chdir("./92") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5350] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5351 attached [pid 5351] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5350] <... clone3 resumed> => {parent_tid=[5351]}, 88) = 5351 [pid 5351] set_robust_list(0x7f50e61789a0, 24 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5351] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file0", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file0") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 0 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 140.938824][ T5351] loop0: detected capacity change from 0 to 2048 [ 140.955195][ T5351] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 140.966984][ T5351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5351] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... open resumed>) = 5 [pid 5351] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] ftruncate(5, 33587199 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... ftruncate resumed>) = 0 [pid 5351] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5351] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5350] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5350] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5352 attached => {parent_tid=[5352]}, 88) = 5352 [pid 5352] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] <... rseq resumed>) = 0 [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] set_robust_list(0x7f50e61579a0, 24 [pid 5350] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5350] <... futex resumed>) = 0 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5352] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5352] read(6, [pid 5350] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... mmap resumed>) = 0x20000000 [pid 5351] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5350] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 0 [pid 5351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5352] <... read resumed> ) = ? [pid 5350] <... futex resumed>) = ? [pid 5352] +++ killed by SIGBUS +++ [pid 5351] +++ killed by SIGBUS +++ [pid 5350] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5350, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5353 attached , child_tidptr=0x55555720b690) = 5353 [pid 5353] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5353] chdir("./93") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5353] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5354 attached => {parent_tid=[5354]}, 88) = 5354 [pid 5354] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] <... rseq resumed>) = 0 [pid 5354] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5354] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file0") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 141.588853][ T5354] loop0: detected capacity change from 0 to 2048 [ 141.613900][ T5354] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 141.626000][ T5354] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5354] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... open resumed>) = 4 [pid 5354] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] <... open resumed>) = 5 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] ftruncate(5, 33587199 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... ftruncate resumed>) = 0 [pid 5354] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5353] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5353] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5355 attached => {parent_tid=[5355]}, 88) = 5355 [pid 5355] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... rseq resumed>) = 0 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] set_robust_list(0x7f50e61579a0, 24 [pid 5353] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5355] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5355] <... futex resumed>) = 1 [pid 5354] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5355] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... futex resumed>) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] read(6, [pid 5353] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5353] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5353] <... futex resumed>) = 1 [pid 5353] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5354] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5353] <... futex resumed>) = ? [pid 5355] +++ killed by SIGBUS +++ [pid 5354] +++ killed by SIGBUS +++ [pid 5353] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5353, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5356 attached , child_tidptr=0x55555720b690) = 5356 [pid 5356] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5356] chdir("./94") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5356] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5357 attached [pid 5357] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5356] <... clone3 resumed> => {parent_tid=[5357]}, 88) = 5357 [pid 5357] <... rseq resumed>) = 0 [pid 5357] set_robust_list(0x7f50e61789a0, 24 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... set_robust_list resumed>) = 0 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] memfd_create("syzkaller", 0 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5357] <... memfd_create resumed>) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5357] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file0", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file0") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 4 [pid 5357] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 5 [ 142.310516][ T5357] loop0: detected capacity change from 0 to 2048 [ 142.326581][ T5357] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 142.338517][ T5357] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5357] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 1 [pid 5357] ftruncate(5, 33587199) = 0 [pid 5357] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5356] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5356] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] <... mmap resumed>) = 0x20000000 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5357] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5356] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] set_robust_list(0x7f50e61579a0, 24 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] <... set_robust_list resumed>) = 0 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5358] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5358] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5357] read(6, [pid 5356] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5356] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5356] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5357] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5356] <... futex resumed>) = ? [pid 5357] +++ killed by SIGBUS +++ [pid 5358] +++ killed by SIGBUS +++ [pid 5356] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5356, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5359 attached , child_tidptr=0x55555720b690) = 5359 [pid 5359] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5359] chdir("./95") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5359] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5360 attached => {parent_tid=[5360]}, 88) = 5360 [pid 5360] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5360] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5360] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file0") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [ 142.952395][ T5360] loop0: detected capacity change from 0 to 2048 [ 142.968220][ T5360] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 142.980460][ T5360] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5360] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... open resumed>) = 4 [pid 5360] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5359] <... futex resumed>) = 1 [pid 5360] <... open resumed>) = 5 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] ftruncate(5, 33587199 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... ftruncate resumed>) = 0 [pid 5360] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5359] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5359] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5360] <... mmap resumed>) = 0x20000000 [pid 5360] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5361 attached [pid 5361] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5361] set_robust_list(0x7f50e61579a0, 24 [pid 5359] <... clone3 resumed> => {parent_tid=[5361]}, 88) = 5361 [pid 5361] <... set_robust_list resumed>) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5359] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 0 [pid 5361] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5360] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... openat resumed>) = 6 [pid 5361] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5361] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5359] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] read(6, [pid 5359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5359] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5359] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5361] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5360] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5359] <... futex resumed>) = ? [pid 5360] +++ killed by SIGBUS +++ [pid 5361] +++ killed by SIGBUS +++ [pid 5359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5362 attached , child_tidptr=0x55555720b690) = 5362 [pid 5362] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5362] chdir("./96") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5362] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5363] set_robust_list(0x7f50e61789a0, 24 [pid 5362] <... clone3 resumed> => {parent_tid=[5363]}, 88) = 5363 [pid 5363] <... set_robust_list resumed>) = 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5363] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] memfd_create("syzkaller", 0 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] <... memfd_create resumed>) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5363] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file0") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5363] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [ 143.708953][ T5363] loop0: detected capacity change from 0 to 2048 [ 143.735534][ T5363] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 143.747614][ T5363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5363] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 5 [pid 5363] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5363] ftruncate(5, 33587199 [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... ftruncate resumed>) = 0 [pid 5363] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5363] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5362] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5362] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5363] <... mmap resumed>) = 0x20000000 [pid 5363] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5364 attached [pid 5364] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5364] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5362] <... clone3 resumed> => {parent_tid=[5364]}, 88) = 5364 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5364] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5362] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5363] read(6, [pid 5362] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5362] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5362] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5363] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5363] +++ killed by SIGBUS +++ [pid 5362] <... futex resumed>) = ? [pid 5364] +++ killed by SIGBUS +++ [pid 5362] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5362, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached , child_tidptr=0x55555720b690) = 5365 [pid 5365] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5365] chdir("./97") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5365] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5366 attached => {parent_tid=[5366]}, 88) = 5366 [pid 5366] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] set_robust_list(0x7f50e61789a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5366] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file0") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 4 [pid 5366] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.505967][ T5366] loop0: detected capacity change from 0 to 2048 [ 144.522537][ T5366] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 144.534716][ T5366] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5366] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 5 [pid 5366] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] ftruncate(5, 33587199 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... ftruncate resumed>) = 0 [pid 5366] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5365] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5365] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5366] <... mmap resumed>) = 0x20000000 [pid 5365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5366] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5367 attached [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... clone3 resumed> => {parent_tid=[5367]}, 88) = 5367 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5365] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5367] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5367] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 0 [pid 5366] read(6, [pid 5365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5365] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5365] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5367] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5366] <... read resumed>) = ? [pid 5365] <... futex resumed>) = ? [pid 5367] +++ killed by SIGBUS +++ [pid 5366] +++ killed by SIGBUS +++ [pid 5365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached , child_tidptr=0x55555720b690) = 5368 [pid 5368] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5368] chdir("./98") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5368] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5369 attached [pid 5369] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5368] <... clone3 resumed> => {parent_tid=[5369]}, 88) = 5369 [pid 5369] <... rseq resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] set_robust_list(0x7f50e61789a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... futex resumed>) = 0 [pid 5369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5369] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file0") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 4 [pid 5369] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 145.173467][ T5369] loop0: detected capacity change from 0 to 2048 [ 145.188965][ T5369] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 145.201291][ T5369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5369] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] ftruncate(5, 33587199 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... ftruncate resumed>) = 0 [pid 5369] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5368] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5368] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5369] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... clone3 resumed> => {parent_tid=[5370]}, 88) = 5370 [pid 5370] <... rseq resumed>) = 0 [pid 5369] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] set_robust_list(0x7f50e61579a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... futex resumed>) = 0 [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5370] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5370] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5368] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] read(6, [pid 5368] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5368] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5368] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5369] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5370] +++ killed by SIGBUS +++ [pid 5369] +++ killed by SIGBUS +++ [pid 5368] <... futex resumed>) = ? [pid 5368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x55555720b690) = 5371 [pid 5371] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5371] chdir("./99") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5371] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5372 attached => {parent_tid=[5372]}, 88) = 5372 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] <... rseq resumed>) = 0 [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] set_robust_list(0x7f50e61789a0, 24 [pid 5371] <... futex resumed>) = 0 [pid 5372] <... set_robust_list resumed>) = 0 [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5372] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... open resumed>) = 4 [ 145.873666][ T5372] loop0: detected capacity change from 0 to 2048 [ 145.889245][ T5372] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 145.901087][ T5372] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5372] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5371] <... futex resumed>) = 0 [pid 5372] <... open resumed>) = 5 [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] ftruncate(5, 33587199) = 0 [pid 5372] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5371] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5372] <... mmap resumed>) = 0x20000000 [pid 5372] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... mprotect resumed>) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5372] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5373 attached => {parent_tid=[5373]}, 88) = 5373 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5373] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5373] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5373] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] read(6, [pid 5371] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5371] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5372] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5371] <... futex resumed>) = ? [pid 5373] +++ killed by SIGBUS +++ [pid 5372] +++ killed by SIGBUS +++ [pid 5371] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5374 attached , child_tidptr=0x55555720b690) = 5374 [pid 5374] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5374] chdir("./100") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5374] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5375 attached [pid 5375] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5374] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5375] <... rseq resumed>) = 0 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], [pid 5375] set_robust_list(0x7f50e61789a0, 24 [pid 5374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] <... set_robust_list resumed>) = 0 [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] <... futex resumed>) = 0 [pid 5375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] memfd_create("syzkaller", 0 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] <... memfd_create resumed>) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5375] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file0", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file0") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 4 [pid 5375] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 0 [ 146.551368][ T5375] loop0: detected capacity change from 0 to 2048 [ 146.571617][ T5375] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 146.584156][ T5375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5375] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5374] <... futex resumed>) = 1 [pid 5375] ftruncate(5, 33587199 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... ftruncate resumed>) = 0 [pid 5375] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5375] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5374] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5374] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5374] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5376 attached [pid 5376] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5376] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5375] <... mmap resumed>) = 0x20000000 [pid 5374] <... clone3 resumed> => {parent_tid=[5376]}, 88) = 5376 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5374] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5376] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5376] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5374] <... futex resumed>) = 1 [pid 5375] read(6, [pid 5374] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5374] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5376] <... futex resumed>) = 0 [pid 5376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5375] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5374] <... futex resumed>) = ? [pid 5376] +++ killed by SIGBUS +++ [pid 5375] +++ killed by SIGBUS +++ [pid 5374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5377 attached , child_tidptr=0x55555720b690) = 5377 [pid 5377] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5377] chdir("./101") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5377] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5378 attached => {parent_tid=[5378]}, 88) = 5378 [pid 5378] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... rseq resumed>) = 0 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5378] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file0", 0777) = 0 [ 147.272413][ T5378] loop0: detected capacity change from 0 to 2048 [ 147.303713][ T5378] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5378] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file0") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... open resumed>) = 4 [ 147.315860][ T5378] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5378] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5378] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5378] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] ftruncate(5, 33587199 [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... ftruncate resumed>) = 0 [pid 5378] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5377] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5377] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5378] <... mmap resumed>) = 0x20000000 [pid 5378] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... mprotect resumed>) = 0 [pid 5378] <... futex resumed>) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5378] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5379 attached [pid 5379] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5377] <... clone3 resumed> => {parent_tid=[5379]}, 88) = 5379 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5377] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] <... rseq resumed>) = 0 [pid 5377] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5379] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5379] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5379] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] read(6, [pid 5377] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5377] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5377] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5378] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5377] <... futex resumed>) = ? [pid 5379] +++ killed by SIGBUS +++ [pid 5378] +++ killed by SIGBUS +++ [pid 5377] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5377, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5380 attached , child_tidptr=0x55555720b690) = 5380 [pid 5380] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5380] chdir("./102") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5380] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5380] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5381 attached [pid 5381] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5380] <... clone3 resumed> => {parent_tid=[5381]}, 88) = 5381 [pid 5381] set_robust_list(0x7f50e61789a0, 24 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] <... set_robust_list resumed>) = 0 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] <... futex resumed>) = 0 [pid 5381] memfd_create("syzkaller", 0 [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5381] <... memfd_create resumed>) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5381] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file0", 0777) = 0 [pid 5381] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file0") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 147.997047][ T5381] loop0: detected capacity change from 0 to 2048 [ 148.022931][ T5381] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 148.035128][ T5381] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 4 [pid 5381] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5380] <... futex resumed>) = 0 [pid 5381] <... open resumed>) = 5 [pid 5381] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] ftruncate(5, 33587199 [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... ftruncate resumed>) = 0 [pid 5381] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5381] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5380] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5380] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5382 attached [pid 5382] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5381] <... mmap resumed>) = 0x20000000 [pid 5380] <... clone3 resumed> => {parent_tid=[5382]}, 88) = 5382 [pid 5382] <... rseq resumed>) = 0 [pid 5381] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] set_robust_list(0x7f50e61579a0, 24 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] <... set_robust_list resumed>) = 0 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5381] <... futex resumed>) = 0 [pid 5382] <... openat resumed>) = 6 [pid 5381] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5382] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] read(6, [pid 5380] <... futex resumed>) = 1 [pid 5380] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5380] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5380] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5382] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5381] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5380] <... futex resumed>) = ? [pid 5382] +++ killed by SIGBUS +++ [pid 5381] +++ killed by SIGBUS +++ [pid 5380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5383 attached , child_tidptr=0x55555720b690) = 5383 [pid 5383] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5383] chdir("./103") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5383] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5384 attached => {parent_tid=[5384]}, 88) = 5384 [pid 5384] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... rseq resumed>) = 0 [pid 5384] set_robust_list(0x7f50e61789a0, 24 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... set_robust_list resumed>) = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5384] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file0") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 148.797494][ T5384] loop0: detected capacity change from 0 to 2048 [ 148.825774][ T5384] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 148.837856][ T5384] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5384] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... open resumed>) = 5 [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] ftruncate(5, 33587199 [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] <... ftruncate resumed>) = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5384] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5383] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5383] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] <... mmap resumed>) = 0x20000000 [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5384] <... futex resumed>) = 0 [pid 5383] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5384] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5385 attached [pid 5385] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5383] <... clone3 resumed> => {parent_tid=[5385]}, 88) = 5385 [pid 5385] set_robust_list(0x7f50e61579a0, 24 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] <... set_robust_list resumed>) = 0 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5385] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5383] <... futex resumed>) = 1 [pid 5384] read(6, [pid 5383] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5383] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5385] <... futex resumed>) = 0 [pid 5385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006e000} --- [pid 5384] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 253824 [pid 5384] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5385] +++ killed by SIGBUS +++ [pid 5384] +++ killed by SIGBUS +++ [pid 5383] <... futex resumed>) = ? [pid 5383] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5386 attached , child_tidptr=0x55555720b690) = 5386 [pid 5386] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5386] chdir("./104") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5386] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5387 attached => {parent_tid=[5387]}, 88) = 5387 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] set_robust_list(0x7f50e61789a0, 24 [pid 5386] <... futex resumed>) = 0 [pid 5387] <... set_robust_list resumed>) = 0 [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5387] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] close(3) = 0 [pid 5387] mkdir("./file0", 0777) = 0 [pid 5387] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5387] chdir("./file0") = 0 [pid 5387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5387] close(4) = 0 [pid 5387] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5387] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 149.605906][ T5387] loop0: detected capacity change from 0 to 2048 [ 149.625207][ T5387] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 149.637626][ T5387] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... open resumed>) = 4 [pid 5387] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5387] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] ftruncate(5, 33587199 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... ftruncate resumed>) = 0 [pid 5387] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5387] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5386] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5386] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] <... mmap resumed>) = 0x20000000 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5387] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5388 attached [pid 5388] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... clone3 resumed> => {parent_tid=[5388]}, 88) = 5388 [pid 5388] <... rseq resumed>) = 0 [pid 5387] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] set_robust_list(0x7f50e61579a0, 24 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] <... set_robust_list resumed>) = 0 [pid 5386] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] <... futex resumed>) = 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5388] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5388] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5387] read(6, [pid 5386] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5386] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5386] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5387] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5386] <... futex resumed>) = ? [pid 5388] +++ killed by SIGBUS +++ [pid 5387] +++ killed by SIGBUS +++ [pid 5386] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5386, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5389 [pid 5389] <... set_robust_list resumed>) = 0 [pid 5389] chdir("./105") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5389] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5390 attached => {parent_tid=[5390]}, 88) = 5390 [pid 5390] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] memfd_create("syzkaller", 0 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] <... memfd_create resumed>) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5390] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 4 [pid 5390] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [ 150.287762][ T5390] loop0: detected capacity change from 0 to 2048 [ 150.303160][ T5390] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 150.315358][ T5390] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5390] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ftruncate(5, 33587199 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ftruncate resumed>) = 0 [pid 5390] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5389] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5389] <... mprotect resumed>) = 0 [pid 5390] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5390] <... futex resumed>) = 0 [pid 5389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5390] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5391 attached [pid 5391] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5389] <... clone3 resumed> => {parent_tid=[5391]}, 88) = 5391 [pid 5391] <... rseq resumed>) = 0 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] set_robust_list(0x7f50e61579a0, 24 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5389] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5391] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5391] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] read(6, [pid 5389] <... futex resumed>) = 1 [pid 5389] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5389] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5390] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5391] +++ killed by SIGBUS +++ [pid 5390] +++ killed by SIGBUS +++ [pid 5389] <... futex resumed>) = ? [pid 5389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached , child_tidptr=0x55555720b690) = 5392 [pid 5392] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5392] chdir("./106") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5392] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5393 attached [pid 5393] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5392] <... clone3 resumed> => {parent_tid=[5393]}, 88) = 5393 [pid 5393] set_robust_list(0x7f50e61789a0, 24 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] <... set_robust_list resumed>) = 0 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5393] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./file0", 0777) = 0 [pid 5393] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./file0") = 0 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] <... futex resumed>) = 1 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... open resumed>) = 5 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.056342][ T5393] loop0: detected capacity change from 0 to 2048 [ 151.072798][ T5393] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 151.084952][ T5393] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] ftruncate(5, 33587199 [pid 5392] <... futex resumed>) = 0 [pid 5393] <... ftruncate resumed>) = 0 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 0 [pid 5393] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5392] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5392] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5393] <... mmap resumed>) = 0x20000000 [pid 5392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5392] <... clone3 resumed> => {parent_tid=[5394]}, 88) = 5394 [pid 5394] <... rseq resumed>) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f50e61579a0, 24 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5392] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] <... futex resumed>) = 0 [pid 5394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 0 [pid 5394] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5393] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... openat resumed>) = 6 [pid 5394] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5394] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5393] read(6, [pid 5392] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5392] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5392] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5394] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5393] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5393] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5392] <... futex resumed>) = ? [pid 5394] +++ killed by SIGBUS +++ [pid 5393] +++ killed by SIGBUS +++ [pid 5392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5395 attached , child_tidptr=0x55555720b690) = 5395 [pid 5395] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5395] chdir("./107") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5395] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5396 attached => {parent_tid=[5396]}, 88) = 5396 [pid 5396] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5396] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5396] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] mkdir("./file0", 0777) = 0 [pid 5396] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file0") = 0 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [ 151.877722][ T5396] loop0: detected capacity change from 0 to 2048 [ 151.895964][ T5396] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 151.908244][ T5396] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5396] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... open resumed>) = 4 [pid 5396] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... open resumed>) = 5 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] ftruncate(5, 33587199) = 0 [pid 5396] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5395] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5395] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5397 attached [pid 5397] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5395] <... clone3 resumed> => {parent_tid=[5397]}, 88) = 5397 [pid 5397] <... rseq resumed>) = 0 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] set_robust_list(0x7f50e61579a0, 24 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] <... set_robust_list resumed>) = 0 [pid 5395] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] <... futex resumed>) = 0 [pid 5397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5397] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... mmap resumed>) = 0x20000000 [pid 5396] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5397] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] read(6, [pid 5395] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5395] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5395] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5395] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5396] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5395] <... futex resumed>) = ? [pid 5397] +++ killed by SIGBUS +++ [pid 5396] +++ killed by SIGBUS +++ [pid 5395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5398 attached , child_tidptr=0x55555720b690) = 5398 [pid 5398] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5398] chdir("./108") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5398] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5399 attached [pid 5399] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5399] set_robust_list(0x7f50e61789a0, 24 [pid 5398] <... clone3 resumed> => {parent_tid=[5399]}, 88) = 5399 [pid 5399] <... set_robust_list resumed>) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] memfd_create("syzkaller", 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] <... memfd_create resumed>) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5399] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [pid 5399] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [ 152.651790][ T5399] loop0: detected capacity change from 0 to 2048 [ 152.667418][ T5399] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 152.679724][ T5399] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5399] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] <... futex resumed>) = 0 [pid 5399] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = 4 [pid 5399] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] <... futex resumed>) = 0 [pid 5399] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = 5 [pid 5399] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] ftruncate(5, 33587199 [pid 5398] <... futex resumed>) = 1 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... ftruncate resumed>) = 0 [pid 5399] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5398] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5398] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5399] <... mmap resumed>) = 0x20000000 [pid 5399] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5400 attached [pid 5400] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5398] <... clone3 resumed> => {parent_tid=[5400]}, 88) = 5400 [pid 5400] <... rseq resumed>) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5400] set_robust_list(0x7f50e61579a0, 24 [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5400] <... set_robust_list resumed>) = 0 [pid 5398] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5400] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5398] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... futex resumed>) = 0 [pid 5399] read(6, [pid 5398] <... futex resumed>) = 1 [pid 5398] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5398] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5398] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5399] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5398] <... futex resumed>) = ? [pid 5400] +++ killed by SIGBUS +++ [pid 5399] +++ killed by SIGBUS +++ [pid 5398] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5398, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x55555720b690) = 5401 [pid 5401] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5401] chdir("./109") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5401] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5402 attached => {parent_tid=[5402]}, 88) = 5402 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5401] <... futex resumed>) = 0 [pid 5402] set_robust_list(0x7f50e61789a0, 24 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] <... set_robust_list resumed>) = 0 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5402] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./file0", 0777) = 0 [pid 5402] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file0") = 0 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... open resumed>) = 4 [pid 5402] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5402] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... open resumed>) = 5 [pid 5402] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] ftruncate(5, 33587199 [pid 5401] <... futex resumed>) = 0 [ 153.395878][ T5402] loop0: detected capacity change from 0 to 2048 [ 153.410986][ T5402] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 153.423100][ T5402] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... ftruncate resumed>) = 0 [pid 5402] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5401] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5402] <... mmap resumed>) = 0x20000000 [pid 5401] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5402] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... mprotect resumed>) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5403 attached [pid 5403] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5401] <... clone3 resumed> => {parent_tid=[5403]}, 88) = 5403 [pid 5403] <... rseq resumed>) = 0 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] set_robust_list(0x7f50e61579a0, 24 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] <... set_robust_list resumed>) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5401] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5403] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5403] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] read(6, [pid 5401] <... futex resumed>) = 1 [pid 5401] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5401] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5401] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5403] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5402] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5401] <... futex resumed>) = ? [pid 5403] +++ killed by SIGBUS +++ [pid 5402] +++ killed by SIGBUS +++ [pid 5401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5404 attached , child_tidptr=0x55555720b690) = 5404 [pid 5404] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5404] chdir("./110") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5404] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5405 attached [pid 5405] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5404] <... clone3 resumed> => {parent_tid=[5405]}, 88) = 5405 [pid 5405] <... rseq resumed>) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] set_robust_list(0x7f50e61789a0, 24 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] <... set_robust_list resumed>) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5404] <... futex resumed>) = 0 [pid 5405] memfd_create("syzkaller", 0 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] <... memfd_create resumed>) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5405] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [pid 5405] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file0") = 0 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [ 154.211226][ T5405] loop0: detected capacity change from 0 to 2048 [ 154.238341][ T5405] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 154.250680][ T5405] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5405] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 4 [pid 5405] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... open resumed>) = 5 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] ftruncate(5, 33587199 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... ftruncate resumed>) = 0 [pid 5405] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5404] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5404] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5405] <... mmap resumed>) = 0x20000000 [pid 5405] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5406 attached [pid 5406] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5404] <... clone3 resumed> => {parent_tid=[5406]}, 88) = 5406 [pid 5406] <... rseq resumed>) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5406] set_robust_list(0x7f50e61579a0, 24 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] <... set_robust_list resumed>) = 0 [pid 5404] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] <... futex resumed>) = 0 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5404] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5406] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5406] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] <... futex resumed>) = 0 [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] read(6, [pid 5404] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5404] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5404] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5404] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5405] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5404] <... futex resumed>) = ? [pid 5405] +++ killed by SIGBUS +++ [pid 5406] +++ killed by SIGBUS +++ [pid 5404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5407 attached , child_tidptr=0x55555720b690) = 5407 [pid 5407] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5407] chdir("./111") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5407] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5407] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5408] <... rseq resumed>) = 0 [pid 5408] set_robust_list(0x7f50e61789a0, 24 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5408] memfd_create("syzkaller", 0) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5408] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] mkdir("./file0", 0777) = 0 [pid 5408] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./file0") = 0 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... open resumed>) = 4 [pid 5408] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5407] <... futex resumed>) = 0 [pid 5408] <... open resumed>) = 5 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] ftruncate(5, 33587199 [ 154.922804][ T5408] loop0: detected capacity change from 0 to 2048 [ 154.933658][ T5408] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 154.945814][ T5408] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... ftruncate resumed>) = 0 [pid 5408] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5407] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5407] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5408] <... mmap resumed>) = 0x20000000 [pid 5408] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5408] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5409 attached [pid 5408] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5407] <... clone3 resumed> => {parent_tid=[5409]}, 88) = 5409 [pid 5409] <... rseq resumed>) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5407] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5409] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5409] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5408] read(6, [pid 5407] <... futex resumed>) = 1 [pid 5407] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5407] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5407] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5408] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5408] +++ killed by SIGBUS +++ [pid 5407] <... futex resumed>) = ? [pid 5409] +++ killed by SIGBUS +++ [pid 5407] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5410 attached , child_tidptr=0x55555720b690) = 5410 [pid 5410] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5410] chdir("./112") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5410] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5411 attached [pid 5411] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5410] <... clone3 resumed> => {parent_tid=[5411]}, 88) = 5411 [pid 5411] set_robust_list(0x7f50e61789a0, 24 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5411] <... set_robust_list resumed>) = 0 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] <... futex resumed>) = 0 [pid 5411] memfd_create("syzkaller", 0 [pid 5410] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5411] <... memfd_create resumed>) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5411] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5410] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... open resumed>) = 4 [pid 5411] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5410] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... open resumed>) = 5 [pid 5411] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5411] ftruncate(5, 33587199 [ 155.691130][ T5411] loop0: detected capacity change from 0 to 2048 [ 155.717595][ T5411] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 155.729567][ T5411] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5410] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... ftruncate resumed>) = 0 [pid 5411] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5411] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5410] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5410] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5410] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5412 attached [pid 5412] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5410] <... clone3 resumed> => {parent_tid=[5412]}, 88) = 5412 [pid 5412] <... rseq resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5412] set_robust_list(0x7f50e61579a0, 24 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5412] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... futex resumed>) = 0 [pid 5412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5412] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5412] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5412] read(6, [pid 5410] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5410] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5410] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5413 attached [pid 5413] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5410] <... clone3 resumed> => {parent_tid=[5413]}, 88) = 5413 [pid 5413] <... rseq resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5413] set_robust_list(0x7f50e61369a0, 24 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5413] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... futex resumed>) = 0 [pid 5413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5413] memfd_create("syzkaller", 0) = 7 [pid 5413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd16000 [pid 5411] <... mmap resumed>) = 0x20000000 [pid 5411] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5413] munmap(0x7f50ddd16000, 138412032) = 0 [pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5413] ioctl(8, LOOP_CLR_FD) = 0 [pid 5413] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5413] close(8) = 0 [pid 5413] close(7) = 0 [pid 5413] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7f50e62636e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 0 [pid 5410] exit_group(0 [pid 5413] <... futex resumed>) = ? [pid 5411] <... futex resumed>) = ? [pid 5410] <... exit_group resumed>) = ? [pid 5413] +++ exited with 0 +++ [pid 5411] +++ exited with 0 +++ [pid 5412] <... read resumed> ) = ? [pid 5412] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 156.639925][ T2465] bio_check_eod: 25 callbacks suppressed [ 156.639937][ T2465] kworker/u4:9: attempt to access beyond end of device [ 156.639937][ T2465] loop0: rw=1, sector=2350, nr_sectors = 1328 limit=2048 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5414 [pid 5414] <... set_robust_list resumed>) = 0 [pid 5414] chdir("./113") = 0 [pid 5414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5414] setpgid(0, 0) = 0 [pid 5414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5414] write(3, "1000", 4) = 4 [pid 5414] close(3) = 0 [pid 5414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5414] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5415 attached [pid 5415] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5414] <... clone3 resumed> => {parent_tid=[5415]}, 88) = 5415 [pid 5415] set_robust_list(0x7f50e61789a0, 24 [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5415] <... set_robust_list resumed>) = 0 [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... futex resumed>) = 0 [pid 5415] memfd_create("syzkaller", 0 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5415] <... memfd_create resumed>) = 3 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5415] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5415] close(3) = 0 [pid 5415] mkdir("./file0", 0777) = 0 [pid 5415] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5415] chdir("./file0") = 0 [pid 5415] ioctl(4, LOOP_CLR_FD) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = 4 [pid 5415] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = 5 [ 156.935248][ T5415] loop0: detected capacity change from 0 to 2048 [ 156.951619][ T5415] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 156.966134][ T5415] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5415] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] ftruncate(5, 33587199) = 0 [pid 5415] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5415] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5414] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5414] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5415] <... mmap resumed>) = 0x20000000 [pid 5415] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... mprotect resumed>) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5415] <... futex resumed>) = 0 [pid 5415] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5416 attached [pid 5416] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5414] <... clone3 resumed> => {parent_tid=[5416]}, 88) = 5416 [pid 5416] set_robust_list(0x7f50e61579a0, 24 [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5416] <... set_robust_list resumed>) = 0 [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5416] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5414] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] read(6, [pid 5414] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5414] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5414] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5415] <... read resumed>) = ? [pid 5414] <... futex resumed>) = ? [pid 5416] +++ killed by SIGBUS +++ [pid 5415] +++ killed by SIGBUS +++ [pid 5414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5417 attached , child_tidptr=0x55555720b690) = 5417 [pid 5417] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5417] chdir("./114") = 0 [pid 5417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5417] setpgid(0, 0) = 0 [pid 5417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5417] write(3, "1000", 4) = 4 [pid 5417] close(3) = 0 [pid 5417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5417] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5417] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5418 attached => {parent_tid=[5418]}, 88) = 5418 [pid 5418] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5418] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], [pid 5418] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5418] memfd_create("syzkaller", 0 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5418] <... memfd_create resumed>) = 3 [pid 5418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5418] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5418] close(3) = 0 [pid 5418] mkdir("./file0", 0777) = 0 [pid 5418] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5418] chdir("./file0") = 0 [pid 5418] ioctl(4, LOOP_CLR_FD) = 0 [pid 5418] close(4) = 0 [pid 5418] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... futex resumed>) = 0 [pid 5418] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5418] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5417] <... futex resumed>) = 0 [pid 5418] <... open resumed>) = 5 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.647058][ T5418] loop0: detected capacity change from 0 to 2048 [ 157.664436][ T5418] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 157.676499][ T5418] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5418] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] <... futex resumed>) = 0 [pid 5418] ftruncate(5, 33587199 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... ftruncate resumed>) = 0 [pid 5418] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5417] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5417] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5419 attached [pid 5419] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5417] <... clone3 resumed> => {parent_tid=[5419]}, 88) = 5419 [pid 5419] <... rseq resumed>) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], [pid 5419] set_robust_list(0x7f50e61579a0, 24 [pid 5417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5419] <... set_robust_list resumed>) = 0 [pid 5417] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], [pid 5417] <... futex resumed>) = 0 [pid 5419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5417] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5418] <... mmap resumed>) = 0x20000000 [pid 5419] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5418] read(6, [pid 5417] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5417] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5417] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5419] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5418] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5417] <... futex resumed>) = ? [pid 5418] +++ killed by SIGBUS +++ [pid 5419] +++ killed by SIGBUS +++ [pid 5417] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5417, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5420 attached , child_tidptr=0x55555720b690) = 5420 [pid 5420] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5420] chdir("./115") = 0 [pid 5420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5420] setpgid(0, 0) = 0 [pid 5420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5420] write(3, "1000", 4) = 4 [pid 5420] close(3) = 0 [pid 5420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5420] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5421 attached [pid 5421] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5420] <... clone3 resumed> => {parent_tid=[5421]}, 88) = 5421 [pid 5421] <... rseq resumed>) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5421] set_robust_list(0x7f50e61789a0, 24 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5421] <... set_robust_list resumed>) = 0 [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5420] <... futex resumed>) = 0 [pid 5421] memfd_create("syzkaller", 0 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5421] <... memfd_create resumed>) = 3 [pid 5421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5421] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5421] close(3) = 0 [pid 5421] mkdir("./file0", 0777) = 0 [pid 5421] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5421] chdir("./file0") = 0 [pid 5421] ioctl(4, LOOP_CLR_FD) = 0 [ 158.281435][ T5421] loop0: detected capacity change from 0 to 2048 [ 158.306835][ T5421] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 158.318863][ T5421] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5421] close(4) = 0 [pid 5421] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5421] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5420] <... futex resumed>) = 1 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5420] <... futex resumed>) = 1 [pid 5421] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... open resumed>) = 5 [pid 5421] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5420] <... futex resumed>) = 1 [pid 5421] ftruncate(5, 33587199 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... ftruncate resumed>) = 0 [pid 5421] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5420] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5420] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5421] <... mmap resumed>) = 0x20000000 [pid 5420] <... mprotect resumed>) = 0 [pid 5420] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5421] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5421] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5422 attached [pid 5422] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5422] set_robust_list(0x7f50e61579a0, 24 [pid 5420] <... clone3 resumed> => {parent_tid=[5422]}, 88) = 5422 [pid 5422] <... set_robust_list resumed>) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5422] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5422] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5420] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] read(6, [pid 5420] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5420] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5420] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5421] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5420] <... futex resumed>) = ? [pid 5422] +++ killed by SIGBUS +++ [pid 5421] +++ killed by SIGBUS +++ [pid 5420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5423 attached , child_tidptr=0x55555720b690) = 5423 [pid 5423] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5423] chdir("./116") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5423] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5424 attached [pid 5424] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5423] <... clone3 resumed> => {parent_tid=[5424]}, 88) = 5424 [pid 5424] <... rseq resumed>) = 0 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] set_robust_list(0x7f50e61789a0, 24 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] <... set_robust_list resumed>) = 0 [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] <... futex resumed>) = 0 [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] memfd_create("syzkaller", 0 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] <... memfd_create resumed>) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5424] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] mkdir("./file0", 0777) = 0 [pid 5424] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./file0") = 0 [pid 5424] ioctl(4, LOOP_CLR_FD) = 0 [pid 5424] close(4) = 0 [pid 5424] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... open resumed>) = 4 [pid 5424] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5423] <... futex resumed>) = 1 [pid 5424] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5424] <... futex resumed>) = 1 [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] ftruncate(5, 33587199 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... ftruncate resumed>) = 0 [pid 5424] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [ 159.031324][ T5424] loop0: detected capacity change from 0 to 2048 [ 159.052025][ T5424] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 159.064131][ T5424] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5424] <... futex resumed>) = 1 [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5423] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5423] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5423] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5425 attached [pid 5425] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5423] <... clone3 resumed> => {parent_tid=[5425]}, 88) = 5425 [pid 5425] set_robust_list(0x7f50e61579a0, 24 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] <... set_robust_list resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5425] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5425] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] read(6, [pid 5423] <... futex resumed>) = 1 [pid 5423] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] <... mmap resumed>) = 0x20000000 [pid 5424] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5423] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] <... futex resumed>) = 0 [pid 5425] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5425] ???() = ? [pid 5425] +++ killed by SIGBUS +++ [pid 5423] <... futex resumed>) = ? [pid 5424] +++ killed by SIGBUS +++ [pid 5423] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5423, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5426 attached , child_tidptr=0x55555720b690) = 5426 [pid 5426] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5426] chdir("./117") = 0 [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5426] setpgid(0, 0) = 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5426] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5427 attached => {parent_tid=[5427]}, 88) = 5427 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5427] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5427] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5427] memfd_create("syzkaller", 0) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5427] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5427] mkdir("./file0", 0777) = 0 [pid 5427] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./file0") = 0 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5427] close(4) = 0 [pid 5427] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] <... open resumed>) = 4 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5427] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = 1 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] ftruncate(5, 33587199) = 0 [pid 5427] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5427] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] <... futex resumed>) = 0 [pid 5427] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 159.823961][ T5427] loop0: detected capacity change from 0 to 2048 [ 159.839909][ T5427] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 159.852308][ T5427] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5426] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5427] <... mmap resumed>) = 0x20000000 [pid 5427] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5428 attached [pid 5428] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5427] <... futex resumed>) = 0 [pid 5426] <... clone3 resumed> => {parent_tid=[5428]}, 88) = 5428 [pid 5428] <... rseq resumed>) = 0 [pid 5427] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] set_robust_list(0x7f50e61579a0, 24 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] <... set_robust_list resumed>) = 0 [pid 5426] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] <... futex resumed>) = 0 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5428] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5428] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = 0 [pid 5427] read(6, [pid 5426] <... futex resumed>) = 1 [pid 5426] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = 1 [pid 5426] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5427] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5426] <... futex resumed>) = ? [pid 5428] +++ killed by SIGBUS +++ [pid 5427] +++ killed by SIGBUS +++ [pid 5426] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5426, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5429 attached , child_tidptr=0x55555720b690) = 5429 [pid 5429] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5429] chdir("./118") = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5429] write(3, "1000", 4) = 4 [pid 5429] close(3) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5429] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5429] <... clone3 resumed> => {parent_tid=[5430]}, 88) = 5430 [pid 5430] <... rseq resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5430] set_robust_list(0x7f50e61789a0, 24 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] <... futex resumed>) = 0 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] memfd_create("syzkaller", 0) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5430] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5430] close(3) = 0 [pid 5430] mkdir("./file0", 0777) = 0 [pid 5430] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./file0") = 0 [pid 5430] ioctl(4, LOOP_CLR_FD) = 0 [pid 5430] close(4) = 0 [pid 5430] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5430] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... open resumed>) = 4 [pid 5430] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5429] <... futex resumed>) = 0 [pid 5430] <... open resumed>) = 5 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] ftruncate(5, 33587199 [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5430] <... ftruncate resumed>) = 0 [pid 5430] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 160.500119][ T5430] loop0: detected capacity change from 0 to 2048 [ 160.511167][ T5430] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 160.523525][ T5430] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5430] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5430] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5429] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5429] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5430] <... mmap resumed>) = 0x20000000 [pid 5429] <... mprotect resumed>) = 0 [pid 5430] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5430] <... futex resumed>) = 0 [pid 5429] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5430] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5431 attached [pid 5431] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5431] set_robust_list(0x7f50e61579a0, 24 [pid 5429] <... clone3 resumed> => {parent_tid=[5431]}, 88) = 5431 [pid 5431] <... set_robust_list resumed>) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5431] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5431] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5430] read(6, [pid 5429] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5429] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5429] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5431] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5430] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5431] +++ killed by SIGBUS +++ [pid 5430] +++ killed by SIGBUS +++ [pid 5429] <... futex resumed>) = ? [pid 5429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5432 attached [pid 5432] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5432 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5432] chdir("./119") = 0 [pid 5432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5432] setpgid(0, 0) = 0 [pid 5432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5432] write(3, "1000", 4) = 4 [pid 5432] close(3) = 0 [pid 5432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5432] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5432] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5433 attached => {parent_tid=[5433]}, 88) = 5433 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5433] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] memfd_create("syzkaller", 0) = 3 [pid 5433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5433] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5433] close(3) = 0 [pid 5433] mkdir("./file0", 0777) = 0 [pid 5433] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5433] chdir("./file0") = 0 [pid 5433] ioctl(4, LOOP_CLR_FD) = 0 [pid 5433] close(4) = 0 [pid 5433] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5433] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 161.305067][ T5433] loop0: detected capacity change from 0 to 2048 [ 161.321430][ T5433] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 161.333258][ T5433] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... open resumed>) = 4 [pid 5433] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5433] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... futex resumed>) = 0 [pid 5433] ftruncate(5, 33587199 [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... ftruncate resumed>) = 0 [pid 5433] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] <... futex resumed>) = 0 [pid 5433] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5432] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5432] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5434 attached [pid 5434] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5434] set_robust_list(0x7f50e61579a0, 24 [pid 5433] <... mmap resumed>) = 0x20000000 [pid 5432] <... clone3 resumed> => {parent_tid=[5434]}, 88) = 5434 [pid 5434] <... set_robust_list resumed>) = 0 [pid 5433] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5434] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5434] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5434] <... futex resumed>) = 1 [pid 5432] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... futex resumed>) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5433] read(6, [pid 5432] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5432] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5432] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5433] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5432] <... futex resumed>) = ? [pid 5434] +++ killed by SIGBUS +++ [pid 5433] +++ killed by SIGBUS +++ [pid 5432] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5432, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5435 attached , child_tidptr=0x55555720b690) = 5435 [pid 5435] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5435] chdir("./120") = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5435] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5436 attached [pid 5436] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5436] set_robust_list(0x7f50e61789a0, 24 [pid 5435] <... clone3 resumed> => {parent_tid=[5436]}, 88) = 5436 [pid 5436] <... set_robust_list resumed>) = 0 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] memfd_create("syzkaller", 0 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] <... memfd_create resumed>) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5436] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5436] close(3) = 0 [pid 5436] mkdir("./file0", 0777) = 0 [pid 5436] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5436] chdir("./file0") = 0 [pid 5436] ioctl(4, LOOP_CLR_FD) = 0 [pid 5436] close(4) = 0 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... open resumed>) = 4 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 161.962422][ T5436] loop0: detected capacity change from 0 to 2048 [ 161.975884][ T5436] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 161.988282][ T5436] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5436] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5435] <... futex resumed>) = 1 [pid 5436] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... open resumed>) = 5 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] ftruncate(5, 33587199 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... ftruncate resumed>) = 0 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5435] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5435] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5436] <... mmap resumed>) = 0x20000000 [pid 5435] <... mprotect resumed>) = 0 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5437 attached [pid 5437] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5435] <... clone3 resumed> => {parent_tid=[5437]}, 88) = 5437 [pid 5437] <... rseq resumed>) = 0 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] set_robust_list(0x7f50e61579a0, 24 [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] <... set_robust_list resumed>) = 0 [pid 5435] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5437] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5435] <... futex resumed>) = 1 [pid 5436] read(6, [pid 5435] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5435] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5435] <... futex resumed>) = 1 [pid 5435] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5436] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5436] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5435] <... futex resumed>) = ? [pid 5437] +++ killed by SIGBUS +++ [pid 5436] +++ killed by SIGBUS +++ [pid 5435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5438 attached , child_tidptr=0x55555720b690) = 5438 [pid 5438] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5438] chdir("./121") = 0 [pid 5438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5438] setpgid(0, 0) = 0 [pid 5438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5438] write(3, "1000", 4) = 4 [pid 5438] close(3) = 0 [pid 5438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5438] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5438] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5439 attached => {parent_tid=[5439]}, 88) = 5439 [pid 5439] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5439] <... rseq resumed>) = 0 [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5439] set_robust_list(0x7f50e61789a0, 24 [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... set_robust_list resumed>) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] <... futex resumed>) = 0 [pid 5439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5439] memfd_create("syzkaller", 0) = 3 [pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5439] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5439] close(3) = 0 [pid 5439] mkdir("./file0", 0777) = 0 [pid 5439] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5439] chdir("./file0") = 0 [pid 5439] ioctl(4, LOOP_CLR_FD) = 0 [pid 5439] close(4) = 0 [pid 5439] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5439] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5439] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... open resumed>) = 5 [pid 5439] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... futex resumed>) = 1 [ 162.700036][ T5439] loop0: detected capacity change from 0 to 2048 [ 162.724879][ T5439] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 162.737143][ T5439] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5439] ftruncate(5, 33587199) = 0 [pid 5439] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5438] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5438] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5439] <... mmap resumed>) = 0x20000000 [pid 5439] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5440 attached [pid 5440] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5440] set_robust_list(0x7f50e61579a0, 24 [pid 5438] <... clone3 resumed> => {parent_tid=[5440]}, 88) = 5440 [pid 5440] <... set_robust_list resumed>) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5440] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5440] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5440] <... futex resumed>) = 1 [pid 5438] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5439] read(6, [pid 5438] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5438] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5438] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5439] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5438] <... futex resumed>) = ? [pid 5439] +++ killed by SIGBUS +++ [pid 5440] +++ killed by SIGBUS +++ [pid 5438] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5438, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5441 attached , child_tidptr=0x55555720b690) = 5441 [pid 5441] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5441] chdir("./122") = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5441] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5442 attached [pid 5442] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5441] <... clone3 resumed> => {parent_tid=[5442]}, 88) = 5442 [pid 5442] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] memfd_create("syzkaller", 0 [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5442] <... memfd_create resumed>) = 3 [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5442] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5442] close(3) = 0 [pid 5442] mkdir("./file0", 0777) = 0 [pid 5442] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5442] chdir("./file0") = 0 [pid 5442] ioctl(4, LOOP_CLR_FD) = 0 [pid 5442] close(4) = 0 [pid 5442] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 163.318022][ T5442] loop0: detected capacity change from 0 to 2048 [ 163.332702][ T5442] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 163.344656][ T5442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5442] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5442] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... open resumed>) = 4 [pid 5442] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5442] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] ftruncate(5, 33587199) = 0 [pid 5442] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5441] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5441] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5442] <... mmap resumed>) = 0x20000000 [pid 5441] <... mprotect resumed>) = 0 [pid 5442] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5443 attached => {parent_tid=[5443]}, 88) = 5443 [pid 5443] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] set_robust_list(0x7f50e61579a0, 24 [pid 5441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] <... set_robust_list resumed>) = 0 [pid 5441] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] <... futex resumed>) = 0 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5443] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5443] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5442] read(6, [pid 5441] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5441] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5441] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5442] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5441] <... futex resumed>) = ? [pid 5442] +++ killed by SIGBUS +++ [pid 5443] +++ killed by SIGBUS +++ [pid 5441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5444 [pid 5444] <... set_robust_list resumed>) = 0 [pid 5444] chdir("./123") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5444] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5445 attached => {parent_tid=[5445]}, 88) = 5445 [pid 5445] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5445] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] memfd_create("syzkaller", 0 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5445] <... memfd_create resumed>) = 3 [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5445] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] mkdir("./file0", 0777) = 0 [pid 5445] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file0") = 0 [pid 5445] ioctl(4, LOOP_CLR_FD) = 0 [pid 5445] close(4) = 0 [pid 5445] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5445] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... open resumed>) = 4 [ 163.994547][ T5445] loop0: detected capacity change from 0 to 2048 [ 164.005084][ T5445] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 164.017348][ T5445] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5445] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5444] <... futex resumed>) = 0 [pid 5445] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = 0 [pid 5445] ftruncate(5, 33587199 [pid 5444] <... futex resumed>) = 1 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... ftruncate resumed>) = 0 [pid 5445] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5444] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5444] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5445] <... mmap resumed>) = 0x20000000 [pid 5445] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... mprotect resumed>) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5446 attached => {parent_tid=[5446]}, 88) = 5446 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5444] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5446] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5446] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5446] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5446] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5445] read(6, [pid 5444] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5444] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5444] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5445] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5444] <... futex resumed>) = ? [pid 5446] +++ killed by SIGBUS +++ [pid 5445] +++ killed by SIGBUS +++ [pid 5444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5447 attached , child_tidptr=0x55555720b690) = 5447 [pid 5447] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5447] chdir("./124") = 0 [pid 5447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5447] setpgid(0, 0) = 0 [pid 5447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5447] write(3, "1000", 4) = 4 [pid 5447] close(3) = 0 [pid 5447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5447] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5448 attached [pid 5448] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5448] set_robust_list(0x7f50e61789a0, 24 [pid 5447] <... clone3 resumed> => {parent_tid=[5448]}, 88) = 5448 [pid 5448] <... set_robust_list resumed>) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] memfd_create("syzkaller", 0 [pid 5447] <... futex resumed>) = 0 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5448] <... memfd_create resumed>) = 3 [pid 5448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5448] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5448] close(3) = 0 [pid 5448] mkdir("./file0", 0777) = 0 [pid 5448] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5448] chdir("./file0") = 0 [pid 5448] ioctl(4, LOOP_CLR_FD) = 0 [pid 5448] close(4) = 0 [pid 5448] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5448] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5447] <... futex resumed>) = 1 [ 164.719942][ T5448] loop0: detected capacity change from 0 to 2048 [ 164.734731][ T5448] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 164.746654][ T5448] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5448] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] ftruncate(5, 33587199 [pid 5447] <... futex resumed>) = 0 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] <... ftruncate resumed>) = 0 [pid 5448] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5448] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5447] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5447] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] <... mmap resumed>) = 0x20000000 [pid 5448] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5448] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5449 attached [pid 5448] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5449] set_robust_list(0x7f50e61579a0, 24 [pid 5447] <... clone3 resumed> => {parent_tid=[5449]}, 88) = 5449 [pid 5449] <... set_robust_list resumed>) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5449] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5447] <... futex resumed>) = 1 [pid 5447] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5449] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5449] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] <... futex resumed>) = 0 [pid 5448] read(6, [pid 5447] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5447] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5447] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5448] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5447] <... futex resumed>) = ? [pid 5448] +++ killed by SIGBUS +++ [pid 5449] +++ killed by SIGBUS +++ [pid 5447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5450 attached , child_tidptr=0x55555720b690) = 5450 [pid 5450] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5450] chdir("./125") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5450] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5451 attached [pid 5451] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5450] <... clone3 resumed> => {parent_tid=[5451]}, 88) = 5451 [pid 5451] set_robust_list(0x7f50e61789a0, 24 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] <... set_robust_list resumed>) = 0 [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] <... futex resumed>) = 0 [pid 5451] memfd_create("syzkaller", 0 [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5451] <... memfd_create resumed>) = 3 [pid 5451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5451] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5451] close(3) = 0 [pid 5451] mkdir("./file0", 0777) = 0 [pid 5451] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5451] chdir("./file0") = 0 [pid 5451] ioctl(4, LOOP_CLR_FD) = 0 [pid 5451] close(4) = 0 [pid 5451] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... open resumed>) = 4 [pid 5451] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5451] ftruncate(5, 33587199 [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] <... ftruncate resumed>) = 0 [ 165.479722][ T5451] loop0: detected capacity change from 0 to 2048 [ 165.495275][ T5451] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 165.507401][ T5451] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5450] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5450] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5451] <... mmap resumed>) = 0x20000000 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5452 attached [pid 5451] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5450] <... clone3 resumed> => {parent_tid=[5452]}, 88) = 5452 [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... rseq resumed>) = 0 [pid 5452] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5452] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5452] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5451] read(6, [pid 5450] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5450] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5450] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006f000} --- [pid 5451] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 249728 [pid 5450] <... futex resumed>) = ? [pid 5452] +++ killed by SIGBUS +++ [pid 5451] +++ killed by SIGBUS +++ [pid 5450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5453 attached , child_tidptr=0x55555720b690) = 5453 [pid 5453] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5453] chdir("./126") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5453] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5454 attached [pid 5454] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5453] <... clone3 resumed> => {parent_tid=[5454]}, 88) = 5454 [pid 5454] <... rseq resumed>) = 0 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], [pid 5454] set_robust_list(0x7f50e61789a0, 24 [pid 5453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] <... set_robust_list resumed>) = 0 [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5454] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./file0", 0777) = 0 [pid 5454] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./file0") = 0 [pid 5454] ioctl(4, LOOP_CLR_FD) = 0 [pid 5454] close(4) = 0 [ 166.033135][ T5454] loop0: detected capacity change from 0 to 2048 [ 166.059224][ T5454] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 166.071301][ T5454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 4 [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... open resumed>) = 5 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] ftruncate(5, 33587199 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ftruncate resumed>) = 0 [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5453] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5453] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5454] <... mmap resumed>) = 0x20000000 [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5453] <... clone3 resumed> => {parent_tid=[5455]}, 88) = 5455 [pid 5455] set_robust_list(0x7f50e61579a0, 24 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... set_robust_list resumed>) = 0 [pid 5453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5453] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5455] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5454] read(6, [pid 5453] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5453] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5453] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5454] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5454] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5453] <... futex resumed>) = ? [pid 5455] +++ killed by SIGBUS +++ [pid 5454] +++ killed by SIGBUS +++ [pid 5453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5456 attached , child_tidptr=0x55555720b690) = 5456 [pid 5456] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5456] chdir("./127") = 0 [pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5456] setpgid(0, 0) = 0 [pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5456] write(3, "1000", 4) = 4 [pid 5456] close(3) = 0 [pid 5456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5456] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5457 attached [pid 5457] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5456] <... clone3 resumed> => {parent_tid=[5457]}, 88) = 5457 [pid 5457] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] memfd_create("syzkaller", 0 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] <... memfd_create resumed>) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5457] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] mkdir("./file0", 0777) = 0 [pid 5457] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] chdir("./file0") = 0 [pid 5457] ioctl(4, LOOP_CLR_FD) = 0 [pid 5457] close(4) = 0 [pid 5457] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... open resumed>) = 4 [pid 5457] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [ 166.814442][ T5457] loop0: detected capacity change from 0 to 2048 [ 166.840637][ T5457] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 166.852857][ T5457] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... open resumed>) = 5 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] ftruncate(5, 33587199 [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... ftruncate resumed>) = 0 [pid 5457] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5456] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5456] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5457] <... mmap resumed>) = 0x20000000 [pid 5456] <... mprotect resumed>) = 0 [pid 5457] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5457] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5458 attached [pid 5457] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5458] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] <... clone3 resumed> => {parent_tid=[5458]}, 88) = 5458 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5456] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5458] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5458] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] read(6, [pid 5456] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5456] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5456] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5457] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5456] <... futex resumed>) = ? [pid 5458] +++ killed by SIGBUS +++ [pid 5457] +++ killed by SIGBUS +++ [pid 5456] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5459 attached , child_tidptr=0x55555720b690) = 5459 [pid 5459] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5459] chdir("./128") = 0 [pid 5459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5459] setpgid(0, 0) = 0 [pid 5459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5459] write(3, "1000", 4) = 4 [pid 5459] close(3) = 0 [pid 5459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5459] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5459] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5460 attached [pid 5460] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5459] <... clone3 resumed> => {parent_tid=[5460]}, 88) = 5460 [pid 5460] <... rseq resumed>) = 0 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5460] set_robust_list(0x7f50e61789a0, 24 [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] <... set_robust_list resumed>) = 0 [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] <... futex resumed>) = 0 [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5460] memfd_create("syzkaller", 0) = 3 [pid 5460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5460] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5460] close(3) = 0 [pid 5460] mkdir("./file0", 0777) = 0 [pid 5460] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5460] chdir("./file0") = 0 [pid 5460] ioctl(4, LOOP_CLR_FD) = 0 [pid 5460] close(4) = 0 [ 167.499555][ T5460] loop0: detected capacity change from 0 to 2048 [ 167.525078][ T5460] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 167.537153][ T5460] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5460] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... futex resumed>) = 0 [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5460] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [pid 5460] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] <... open resumed>) = 5 [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [pid 5460] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5459] <... futex resumed>) = 0 [pid 5460] ftruncate(5, 33587199 [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] <... ftruncate resumed>) = 0 [pid 5460] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [pid 5460] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5459] <... futex resumed>) = 0 [pid 5460] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5459] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5459] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5460] <... mmap resumed>) = 0x20000000 [pid 5459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5460] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5461 attached [pid 5461] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5461] set_robust_list(0x7f50e61579a0, 24 [pid 5460] <... futex resumed>) = 0 [pid 5459] <... clone3 resumed> => {parent_tid=[5461]}, 88) = 5461 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5460] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5461] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... futex resumed>) = 0 [pid 5459] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5460] read(6, [pid 5459] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5459] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5459] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5460] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5459] <... futex resumed>) = ? [pid 5461] +++ killed by SIGBUS +++ [pid 5460] +++ killed by SIGBUS +++ [pid 5459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5462 attached , child_tidptr=0x55555720b690) = 5462 [pid 5462] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5462] chdir("./129") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5462] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5463 attached [pid 5463] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5462] <... clone3 resumed> => {parent_tid=[5463]}, 88) = 5463 [pid 5463] set_robust_list(0x7f50e61789a0, 24 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] <... set_robust_list resumed>) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] memfd_create("syzkaller", 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5463] <... memfd_create resumed>) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5463] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5463] mkdir("./file0", 0777) = 0 [pid 5463] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5463] chdir("./file0") = 0 [pid 5463] ioctl(4, LOOP_CLR_FD) = 0 [pid 5463] close(4) = 0 [pid 5463] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... futex resumed>) = 0 [pid 5463] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5463] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5462] <... futex resumed>) = 0 [pid 5463] <... open resumed>) = 5 [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 168.235102][ T5463] loop0: detected capacity change from 0 to 2048 [ 168.251345][ T5463] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 168.263194][ T5463] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5463] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5463] ftruncate(5, 33587199 [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... ftruncate resumed>) = 0 [pid 5463] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5463] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5462] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5462] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] <... mmap resumed>) = 0x20000000 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5463] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5464 attached [pid 5464] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5462] <... clone3 resumed> => {parent_tid=[5464]}, 88) = 5464 [pid 5464] set_robust_list(0x7f50e61579a0, 24 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5464] <... set_robust_list resumed>) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5464] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5464] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5463] read(6, [pid 5462] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5462] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5462] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5463] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5462] <... futex resumed>) = ? [pid 5464] +++ killed by SIGBUS +++ [pid 5463] +++ killed by SIGBUS +++ [pid 5462] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5462, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5465 attached , child_tidptr=0x55555720b690) = 5465 [pid 5465] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5465] chdir("./130") = 0 [pid 5465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5465] setpgid(0, 0) = 0 [pid 5465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5465] write(3, "1000", 4) = 4 [pid 5465] close(3) = 0 [pid 5465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5465] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5465] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5466 attached [pid 5466] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5466] set_robust_list(0x7f50e61789a0, 24 [pid 5465] <... clone3 resumed> => {parent_tid=[5466]}, 88) = 5466 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] <... futex resumed>) = 0 [pid 5466] memfd_create("syzkaller", 0 [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5466] <... memfd_create resumed>) = 3 [pid 5466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5466] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5466] close(3) = 0 [pid 5466] mkdir("./file0", 0777) = 0 [pid 5466] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5466] chdir("./file0") = 0 [ 168.925464][ T5466] loop0: detected capacity change from 0 to 2048 [ 168.952612][ T5466] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 168.965028][ T5466] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5466] ioctl(4, LOOP_CLR_FD) = 0 [pid 5466] close(4) = 0 [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5466] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] <... futex resumed>) = 0 [pid 5466] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... open resumed>) = 5 [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5466] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] ftruncate(5, 33587199 [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... ftruncate resumed>) = 0 [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5466] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5465] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5466] <... mmap resumed>) = 0x20000000 [pid 5465] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] <... mprotect resumed>) = 0 [pid 5466] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5465] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5465] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] <... rseq resumed>) = 0 [pid 5467] set_robust_list(0x7f50e61579a0, 24 [pid 5465] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... set_robust_list resumed>) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5467] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5467] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5466] read(6, [pid 5465] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5465] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5465] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5466] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5466] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5465] <... futex resumed>) = ? [pid 5467] +++ killed by SIGBUS +++ [pid 5466] +++ killed by SIGBUS +++ [pid 5465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5468 attached , child_tidptr=0x55555720b690) = 5468 [pid 5468] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5468] chdir("./131") = 0 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5468] setpgid(0, 0) = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5468] write(3, "1000", 4) = 4 [pid 5468] close(3) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5468] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5469 attached [pid 5469] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5468] <... clone3 resumed> => {parent_tid=[5469]}, 88) = 5469 [pid 5469] set_robust_list(0x7f50e61789a0, 24 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5469] <... set_robust_list resumed>) = 0 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] <... futex resumed>) = 0 [pid 5469] memfd_create("syzkaller", 0 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5469] <... memfd_create resumed>) = 3 [pid 5469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5469] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5469] close(3) = 0 [pid 5469] mkdir("./file0", 0777) = 0 [pid 5469] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5469] chdir("./file0") = 0 [pid 5469] ioctl(4, LOOP_CLR_FD) = 0 [pid 5469] close(4) = 0 [pid 5469] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... open resumed>) = 4 [pid 5469] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 169.661812][ T5469] loop0: detected capacity change from 0 to 2048 [ 169.672320][ T5469] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 169.684116][ T5469] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5469] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] ftruncate(5, 33587199) = 0 [pid 5469] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5468] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5468] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5469] <... mmap resumed>) = 0x20000000 [pid 5469] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... mprotect resumed>) = 0 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5470 attached [pid 5470] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5468] <... clone3 resumed> => {parent_tid=[5470]}, 88) = 5470 [pid 5470] set_robust_list(0x7f50e61579a0, 24 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] <... set_robust_list resumed>) = 0 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5470] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5470] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5469] read(6, [pid 5468] <... futex resumed>) = 1 [pid 5468] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5468] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5468] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5469] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5468] <... futex resumed>) = ? [pid 5469] +++ killed by SIGBUS +++ [pid 5470] +++ killed by SIGBUS +++ [pid 5468] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5468, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5471 attached , child_tidptr=0x55555720b690) = 5471 [pid 5471] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5471] chdir("./132") = 0 [pid 5471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5471] setpgid(0, 0) = 0 [pid 5471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5471] write(3, "1000", 4) = 4 [pid 5471] close(3) = 0 [pid 5471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5471] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5472 attached [pid 5472] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5471] <... clone3 resumed> => {parent_tid=[5472]}, 88) = 5472 [pid 5472] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5472] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5471] <... futex resumed>) = 0 [pid 5472] memfd_create("syzkaller", 0 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5472] <... memfd_create resumed>) = 3 [pid 5472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5472] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5472] close(3) = 0 [pid 5472] mkdir("./file0", 0777) = 0 [pid 5472] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5472] chdir("./file0") = 0 [pid 5472] ioctl(4, LOOP_CLR_FD) = 0 [pid 5472] close(4) = 0 [pid 5472] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5472] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 170.447861][ T5472] loop0: detected capacity change from 0 to 2048 [ 170.472085][ T5472] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 170.484329][ T5472] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... open resumed>) = 4 [pid 5472] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... open resumed>) = 5 [pid 5472] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5472] ftruncate(5, 33587199 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... ftruncate resumed>) = 0 [pid 5472] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5472] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5471] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5471] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5472] <... mmap resumed>) = 0x20000000 [pid 5471] <... mprotect resumed>) = 0 [pid 5472] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5473 attached [pid 5473] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5473] set_robust_list(0x7f50e61579a0, 24 [pid 5471] <... clone3 resumed> => {parent_tid=[5473]}, 88) = 5473 [pid 5473] <... set_robust_list resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5471] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5471] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5471] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... openat resumed>) = 6 [pid 5473] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5471] <... futex resumed>) = 0 [pid 5473] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] read(6, [pid 5471] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5471] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5471] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5472] <... read resumed>) = ? [pid 5471] <... futex resumed>) = ? [pid 5472] +++ killed by SIGBUS +++ [pid 5473] +++ killed by SIGBUS +++ [pid 5471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5474 [pid 5474] chdir("./133") = 0 [pid 5474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5474] setpgid(0, 0) = 0 [pid 5474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5474] write(3, "1000", 4) = 4 [pid 5474] close(3) = 0 [pid 5474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5474] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5474] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5475 attached [pid 5475] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5474] <... clone3 resumed> => {parent_tid=[5475]}, 88) = 5475 [pid 5475] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5475] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5475] memfd_create("syzkaller", 0 [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5475] <... memfd_create resumed>) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5475] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] mkdir("./file0", 0777) = 0 [pid 5475] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./file0") = 0 [pid 5475] ioctl(4, LOOP_CLR_FD) = 0 [pid 5475] close(4) = 0 [pid 5475] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5475] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5475] <... futex resumed>) = 1 [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] ftruncate(5, 33587199 [pid 5474] <... futex resumed>) = 0 [pid 5475] <... ftruncate resumed>) = 0 [pid 5475] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5475] <... futex resumed>) = 0 [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5474] <... futex resumed>) = 0 [ 171.149970][ T5475] loop0: detected capacity change from 0 to 2048 [ 171.166194][ T5475] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 171.178066][ T5475] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5474] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5474] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5476 attached [pid 5475] <... mmap resumed>) = 0x20000000 [pid 5475] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5474] <... clone3 resumed> => {parent_tid=[5476]}, 88) = 5476 [pid 5476] <... rseq resumed>) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5476] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5476] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5476] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] read(6, [pid 5474] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5474] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5474] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5475] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5474] <... futex resumed>) = ? [pid 5475] +++ killed by SIGBUS +++ [pid 5476] +++ killed by SIGBUS +++ [pid 5474] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5474, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5477 attached , child_tidptr=0x55555720b690) = 5477 [pid 5477] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5477] chdir("./134") = 0 [pid 5477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5477] setpgid(0, 0) = 0 [pid 5477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5477] write(3, "1000", 4) = 4 [pid 5477] close(3) = 0 [pid 5477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5477] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5478 attached => {parent_tid=[5478]}, 88) = 5478 [pid 5478] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5478] set_robust_list(0x7f50e61789a0, 24 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] <... set_robust_list resumed>) = 0 [pid 5478] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] memfd_create("syzkaller", 0 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5478] <... memfd_create resumed>) = 3 [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5478] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5478] close(3) = 0 [pid 5478] mkdir("./file0", 0777) = 0 [pid 5478] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5478] chdir("./file0") = 0 [pid 5478] ioctl(4, LOOP_CLR_FD) = 0 [pid 5478] close(4) = 0 [pid 5478] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... open resumed>) = 4 [ 171.855761][ T5478] loop0: detected capacity change from 0 to 2048 [ 171.882202][ T5478] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 171.894018][ T5478] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5478] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5477] <... futex resumed>) = 0 [pid 5478] <... open resumed>) = 5 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5478] ftruncate(5, 33587199 [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... ftruncate resumed>) = 0 [pid 5478] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 1 [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5477] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5477] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5477] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5478] <... mmap resumed>) = 0x20000000 [pid 5478] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5479 attached [pid 5479] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5477] <... clone3 resumed> => {parent_tid=[5479]}, 88) = 5479 [pid 5479] <... rseq resumed>) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] set_robust_list(0x7f50e61579a0, 24 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5479] <... set_robust_list resumed>) = 0 [pid 5477] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5479] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5478] read(6, [pid 5477] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5477] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5477] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5478] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5477] <... futex resumed>) = ? [pid 5479] +++ killed by SIGBUS +++ [pid 5478] +++ killed by SIGBUS +++ [pid 5477] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5477, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5480 attached , child_tidptr=0x55555720b690) = 5480 [pid 5480] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5480] chdir("./135") = 0 [pid 5480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5480] setpgid(0, 0) = 0 [pid 5480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5480] write(3, "1000", 4) = 4 [pid 5480] close(3) = 0 [pid 5480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5480] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5480] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0} => {parent_tid=[5481]}, 88) = 5481 ./strace-static-x86_64: Process 5481 attached [pid 5480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5481] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5481] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5481] memfd_create("syzkaller", 0) = 3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5481] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5481] close(3) = 0 [pid 5481] mkdir("./file0", 0777) = 0 [pid 5481] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5481] chdir("./file0") = 0 [pid 5481] ioctl(4, LOOP_CLR_FD) = 0 [pid 5481] close(4) = 0 [pid 5481] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] <... futex resumed>) = 0 [pid 5481] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... open resumed>) = 4 [pid 5481] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... open resumed>) = 5 [ 172.692202][ T5481] loop0: detected capacity change from 0 to 2048 [ 172.708812][ T5481] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 172.721178][ T5481] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] ftruncate(5, 33587199 [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... ftruncate resumed>) = 0 [pid 5481] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5480] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5480] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5481] <... mmap resumed>) = 0x20000000 [pid 5480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5481] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... clone3 resumed> => {parent_tid=[5482]}, 88) = 5482 ./strace-static-x86_64: Process 5482 attached [pid 5482] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] <... rseq resumed>) = 0 [pid 5480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] set_robust_list(0x7f50e61579a0, 24 [pid 5480] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... set_robust_list resumed>) = 0 [pid 5480] <... futex resumed>) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5480] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5482] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5482] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 0 [pid 5480] <... futex resumed>) = 1 [pid 5481] read(6, [pid 5480] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5480] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5480] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5481] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5481] ???( [pid 5480] <... futex resumed>) = ? [pid 5481] <... ??? resumed>) = ? [pid 5481] +++ killed by SIGBUS +++ [pid 5482] +++ killed by SIGBUS +++ [pid 5480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5483 attached , child_tidptr=0x55555720b690) = 5483 [pid 5483] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5483] chdir("./136") = 0 [pid 5483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5483] setpgid(0, 0) = 0 [pid 5483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5483] write(3, "1000", 4) = 4 [pid 5483] close(3) = 0 [pid 5483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5483] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5484 attached [pid 5484] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5483] <... clone3 resumed> => {parent_tid=[5484]}, 88) = 5484 [pid 5484] set_robust_list(0x7f50e61789a0, 24 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], [pid 5484] <... set_robust_list resumed>) = 0 [pid 5483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5483] <... futex resumed>) = 0 [pid 5484] memfd_create("syzkaller", 0 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5484] <... memfd_create resumed>) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5484] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./file0", 0777) = 0 [pid 5484] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5484] chdir("./file0") = 0 [pid 5484] ioctl(4, LOOP_CLR_FD) = 0 [pid 5484] close(4) = 0 [pid 5484] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... open resumed>) = 4 [pid 5484] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5484] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 173.453859][ T5484] loop0: detected capacity change from 0 to 2048 [ 173.479501][ T5484] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 173.491539][ T5484] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] ftruncate(5, 33587199) = 0 [pid 5484] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5483] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5483] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5485 attached => {parent_tid=[5485]}, 88) = 5485 [pid 5485] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], [pid 5485] <... rseq resumed>) = 0 [pid 5483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] set_robust_list(0x7f50e61579a0, 24 [pid 5483] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... set_robust_list resumed>) = 0 [pid 5483] <... futex resumed>) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], [pid 5483] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5485] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... mmap resumed>) = 0x20000000 [pid 5483] <... futex resumed>) = 0 [pid 5485] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 0 [pid 5484] read(6, [pid 5483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5483] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5483] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5483] <... futex resumed>) = ? [pid 5484] <... read resumed> ) = ? [pid 5484] +++ killed by SIGBUS +++ [pid 5485] +++ killed by SIGBUS +++ [pid 5483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5486 attached , child_tidptr=0x55555720b690) = 5486 [pid 5486] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5486] chdir("./137") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5486] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5487 attached [pid 5487] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5486] <... clone3 resumed> => {parent_tid=[5487]}, 88) = 5487 [pid 5487] set_robust_list(0x7f50e61789a0, 24 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] <... set_robust_list resumed>) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] memfd_create("syzkaller", 0 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] <... memfd_create resumed>) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5487] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] mkdir("./file0", 0777) = 0 [pid 5487] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./file0") = 0 [pid 5487] ioctl(4, LOOP_CLR_FD) = 0 [pid 5487] close(4) = 0 [pid 5487] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 174.156273][ T5487] loop0: detected capacity change from 0 to 2048 [ 174.183267][ T5487] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 174.195524][ T5487] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5487] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = 0 [pid 5487] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5487] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5487] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] ftruncate(5, 33587199 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... ftruncate resumed>) = 0 [pid 5487] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5486] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5486] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5488 attached [pid 5488] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5488] set_robust_list(0x7f50e61579a0, 24 [pid 5487] <... mmap resumed>) = 0x20000000 [pid 5486] <... clone3 resumed> => {parent_tid=[5488]}, 88) = 5488 [pid 5488] <... set_robust_list resumed>) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] rt_sigprocmask(SIG_SETMASK, [], [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5488] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5486] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... openat resumed>) = 6 [pid 5488] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5488] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] read(6, [pid 5486] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5486] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5486] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5486] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5487] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5487] +++ killed by SIGBUS +++ [pid 5486] <... futex resumed>) = ? [pid 5488] +++ killed by SIGBUS +++ [pid 5486] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5486, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5489 attached , child_tidptr=0x55555720b690) = 5489 [pid 5489] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5489] chdir("./138") = 0 [pid 5489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5489] setpgid(0, 0) = 0 [pid 5489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5489] write(3, "1000", 4) = 4 [pid 5489] close(3) = 0 [pid 5489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5489] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5490 attached [pid 5490] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5489] <... clone3 resumed> => {parent_tid=[5490]}, 88) = 5490 [pid 5490] set_robust_list(0x7f50e61789a0, 24 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5490] <... set_robust_list resumed>) = 0 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] memfd_create("syzkaller", 0 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5490] <... memfd_create resumed>) = 3 [pid 5490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5490] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5490] close(3) = 0 [pid 5490] mkdir("./file0", 0777) = 0 [pid 5490] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5490] chdir("./file0") = 0 [pid 5490] ioctl(4, LOOP_CLR_FD) = 0 [pid 5490] close(4) = 0 [pid 5490] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 174.840102][ T5490] loop0: detected capacity change from 0 to 2048 [ 174.866221][ T5490] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 174.878132][ T5490] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5490] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5490] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] <... futex resumed>) = 0 [pid 5490] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... open resumed>) = 5 [pid 5490] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = 0 [pid 5490] <... futex resumed>) = 1 [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] ftruncate(5, 33587199 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... ftruncate resumed>) = 0 [pid 5490] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5489] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5489] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5490] <... mmap resumed>) = 0x20000000 [pid 5490] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... mprotect resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5491 attached [pid 5491] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5489] <... clone3 resumed> => {parent_tid=[5491]}, 88) = 5491 [pid 5491] set_robust_list(0x7f50e61579a0, 24 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5491] <... set_robust_list resumed>) = 0 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5491] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5491] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5490] read(6, [pid 5489] <... futex resumed>) = 1 [pid 5489] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5489] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5489] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006c000} --- [pid 5490] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 262016 [pid 5490] ???( [pid 5489] <... futex resumed>) = ? [pid 5490] <... ??? resumed>) = ? [pid 5491] +++ killed by SIGBUS +++ [pid 5490] +++ killed by SIGBUS +++ [pid 5489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5492 attached , child_tidptr=0x55555720b690) = 5492 [pid 5492] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5492] chdir("./139") = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5492] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5493 attached => {parent_tid=[5493]}, 88) = 5493 [pid 5493] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5493] <... rseq resumed>) = 0 [pid 5493] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] memfd_create("syzkaller", 0) = 3 [pid 5493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5493] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5493] close(3) = 0 [pid 5493] mkdir("./file0", 0777) = 0 [pid 5493] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5493] chdir("./file0") = 0 [pid 5493] ioctl(4, LOOP_CLR_FD) = 0 [pid 5493] close(4) = 0 [pid 5493] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 175.552590][ T5493] loop0: detected capacity change from 0 to 2048 [ 175.573442][ T5493] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 175.585531][ T5493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5493] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = 1 [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5493] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... futex resumed>) = 1 [pid 5493] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5493] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5493] <... futex resumed>) = 1 [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] ftruncate(5, 33587199 [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... ftruncate resumed>) = 0 [pid 5493] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5492] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5492] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5493] <... mmap resumed>) = 0x20000000 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5493] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5493] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5494 attached [pid 5494] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5492] <... clone3 resumed> => {parent_tid=[5494]}, 88) = 5494 [pid 5494] <... rseq resumed>) = 0 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] set_robust_list(0x7f50e61579a0, 24 [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] <... set_robust_list resumed>) = 0 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5492] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5494] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5494] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = 1 [pid 5493] read(6, [pid 5492] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5492] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = 1 [pid 5492] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5492] <... futex resumed>) = ? [pid 5493] <... read resumed> ) = ? [pid 5494] +++ killed by SIGBUS +++ [pid 5493] +++ killed by SIGBUS +++ [pid 5492] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5492, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5495 attached , child_tidptr=0x55555720b690) = 5495 [pid 5495] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5495] chdir("./140") = 0 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5495] setpgid(0, 0) = 0 [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5495] write(3, "1000", 4) = 4 [pid 5495] close(3) = 0 [pid 5495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5495] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5495] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5496 attached [pid 5496] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5495] <... clone3 resumed> => {parent_tid=[5496]}, 88) = 5496 [pid 5496] <... rseq resumed>) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] set_robust_list(0x7f50e61789a0, 24 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] <... set_robust_list resumed>) = 0 [pid 5495] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... futex resumed>) = 0 [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] memfd_create("syzkaller", 0 [pid 5495] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5496] <... memfd_create resumed>) = 3 [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5496] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./file0", 0777) = 0 [pid 5496] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./file0") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5496] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5496] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5496] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5495] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] <... open resumed>) = 5 [pid 5496] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5496] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] <... futex resumed>) = 0 [pid 5496] ftruncate(5, 33587199 [pid 5495] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] <... ftruncate resumed>) = 0 [pid 5496] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5495] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5495] <... futex resumed>) = 0 [ 176.223277][ T5496] loop0: detected capacity change from 0 to 2048 [ 176.239207][ T5496] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 176.251582][ T5496] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5495] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5495] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5495] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5497]}, 88) = 5497 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5497 attached NULL, 8) = 0 [pid 5495] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... rseq resumed>) = 0 [pid 5497] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5497] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5497] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5497] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] read(6, [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5495] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5495] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5498 attached => {parent_tid=[5498]}, 88) = 5498 [pid 5498] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5498] <... rseq resumed>) = 0 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] set_robust_list(0x7f50e61369a0, 24 [pid 5495] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... set_robust_list resumed>) = 0 [pid 5495] <... futex resumed>) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] <... mmap resumed>) = 0x20000000 [pid 5496] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006d000} --- [pid 5497] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 5497] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] <... futex resumed>) = ? [pid 5495] <... futex resumed>) = ? [pid 5498] +++ killed by SIGBUS +++ [pid 5497] +++ killed by SIGBUS +++ [pid 5496] +++ killed by SIGBUS +++ [pid 5495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5499 attached , child_tidptr=0x55555720b690) = 5499 [pid 5499] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5499] chdir("./141") = 0 [pid 5499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5499] setpgid(0, 0) = 0 [pid 5499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5499] write(3, "1000", 4) = 4 [pid 5499] close(3) = 0 [pid 5499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5499] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5500 attached [pid 5500] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5499] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] <... rseq resumed>) = 0 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] set_robust_list(0x7f50e61789a0, 24 [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] <... set_robust_list resumed>) = 0 [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] <... futex resumed>) = 0 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] memfd_create("syzkaller", 0) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5500] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] mkdir("./file0", 0777) = 0 [pid 5500] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5500] chdir("./file0") = 0 [pid 5500] ioctl(4, LOOP_CLR_FD) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 176.960193][ T5500] loop0: detected capacity change from 0 to 2048 [ 176.985676][ T5500] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 176.997604][ T5500] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5500] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5500] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5500] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... open resumed>) = 5 [pid 5500] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5500] ftruncate(5, 33587199 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... ftruncate resumed>) = 0 [pid 5500] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5500] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5499] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5500] <... mmap resumed>) = 0x20000000 [pid 5500] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] <... mprotect resumed>) = 0 [pid 5500] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5501 attached => {parent_tid=[5501]}, 88) = 5501 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5501] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5501] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5501] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5501] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5500] read(6, [pid 5499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5499] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5500] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5499] <... futex resumed>) = ? [pid 5500] +++ killed by SIGBUS +++ [pid 5501] +++ killed by SIGBUS +++ [pid 5499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5502 attached , child_tidptr=0x55555720b690) = 5502 [pid 5502] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5502] chdir("./142") = 0 [pid 5502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5502] setpgid(0, 0) = 0 [pid 5502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5502] write(3, "1000", 4) = 4 [pid 5502] close(3) = 0 [pid 5502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5502] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5502] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5503 attached [pid 5503] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5502] <... clone3 resumed> => {parent_tid=[5503]}, 88) = 5503 [pid 5503] <... rseq resumed>) = 0 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5503] set_robust_list(0x7f50e61789a0, 24 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] <... set_robust_list resumed>) = 0 [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] <... futex resumed>) = 0 [pid 5503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] memfd_create("syzkaller", 0 [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5503] <... memfd_create resumed>) = 3 [pid 5503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5503] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5503] close(3) = 0 [pid 5503] mkdir("./file0", 0777) = 0 [pid 5503] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5503] chdir("./file0") = 0 [ 177.728009][ T5503] loop0: detected capacity change from 0 to 2048 [ 177.754153][ T5503] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 177.766503][ T5503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5503] ioctl(4, LOOP_CLR_FD) = 0 [pid 5503] close(4) = 0 [pid 5503] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5503] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] <... open resumed>) = 4 [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5503] <... futex resumed>) = 0 [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5502] <... futex resumed>) = 0 [pid 5503] <... open resumed>) = 5 [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5503] ftruncate(5, 33587199 [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... ftruncate resumed>) = 0 [pid 5503] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5503] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5502] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5502] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5503] <... mmap resumed>) = 0x20000000 [pid 5502] <... mprotect resumed>) = 0 [pid 5503] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5504 attached [pid 5504] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5502] <... clone3 resumed> => {parent_tid=[5504]}, 88) = 5504 [pid 5504] <... rseq resumed>) = 0 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5504] set_robust_list(0x7f50e61579a0, 24 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5504] <... set_robust_list resumed>) = 0 [pid 5502] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] <... futex resumed>) = 0 [pid 5504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5504] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5504] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5503] read(6, [pid 5502] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5502] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5502] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5504] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5503] <... read resumed>) = ? [pid 5502] <... futex resumed>) = ? [pid 5504] +++ killed by SIGBUS +++ [pid 5503] +++ killed by SIGBUS +++ [pid 5502] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5505 attached , child_tidptr=0x55555720b690) = 5505 [pid 5505] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5505] chdir("./143") = 0 [pid 5505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5505] setpgid(0, 0) = 0 [pid 5505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5505] write(3, "1000", 4) = 4 [pid 5505] close(3) = 0 [pid 5505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5505] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5506 attached [pid 5506] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5505] <... clone3 resumed> => {parent_tid=[5506]}, 88) = 5506 [pid 5506] <... rseq resumed>) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], [pid 5506] set_robust_list(0x7f50e61789a0, 24 [pid 5505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5506] <... set_robust_list resumed>) = 0 [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5505] <... futex resumed>) = 0 [pid 5506] memfd_create("syzkaller", 0 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5506] <... memfd_create resumed>) = 3 [pid 5506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5506] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5506] close(3) = 0 [pid 5506] mkdir("./file0", 0777) = 0 [pid 5506] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5506] chdir("./file0") = 0 [pid 5506] ioctl(4, LOOP_CLR_FD) = 0 [pid 5506] close(4) = 0 [pid 5506] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] <... open resumed>) = 4 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5506] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] <... futex resumed>) = 1 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 178.455377][ T5506] loop0: detected capacity change from 0 to 2048 [ 178.473262][ T5506] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 178.485521][ T5506] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] ftruncate(5, 33587199 [pid 5505] <... futex resumed>) = 1 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... ftruncate resumed>) = 0 [pid 5506] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5506] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5505] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5505] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5506] <... mmap resumed>) = 0x20000000 [pid 5505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5506] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5507 attached [pid 5507] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5506] <... futex resumed>) = 0 [pid 5505] <... clone3 resumed> => {parent_tid=[5507]}, 88) = 5507 [pid 5507] set_robust_list(0x7f50e61579a0, 24 [pid 5506] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] <... set_robust_list resumed>) = 0 [pid 5505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5505] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5507] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5507] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] read(6, [pid 5505] <... futex resumed>) = 1 [pid 5505] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5505] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5505] <... futex resumed>) = 1 [pid 5505] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5506] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5505] <... futex resumed>) = ? [pid 5506] +++ killed by SIGBUS +++ [pid 5507] +++ killed by SIGBUS +++ [pid 5505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5508 attached [pid 5508] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5508 [pid 5508] <... set_robust_list resumed>) = 0 [pid 5508] chdir("./144") = 0 [pid 5508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5508] setpgid(0, 0) = 0 [pid 5508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5508] write(3, "1000", 4) = 4 [pid 5508] close(3) = 0 [pid 5508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5508] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5509 attached [pid 5509] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5508] <... clone3 resumed> => {parent_tid=[5509]}, 88) = 5509 [pid 5509] <... rseq resumed>) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] set_robust_list(0x7f50e61789a0, 24 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5509] <... set_robust_list resumed>) = 0 [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... futex resumed>) = 0 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5509] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] mkdir("./file0", 0777) = 0 [pid 5509] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./file0") = 0 [pid 5509] ioctl(4, LOOP_CLR_FD) = 0 [pid 5509] close(4) = 0 [pid 5509] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5509] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... open resumed>) = 4 [ 179.148427][ T5509] loop0: detected capacity change from 0 to 2048 [ 179.165521][ T5509] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 179.177503][ T5509] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5509] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... open resumed>) = 5 [pid 5509] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5509] ftruncate(5, 33587199 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... ftruncate resumed>) = 0 [pid 5509] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5509] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5508] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5508] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5510 attached [pid 5510] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5508] <... clone3 resumed> => {parent_tid=[5510]}, 88) = 5510 [pid 5510] <... rseq resumed>) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5510] set_robust_list(0x7f50e61579a0, 24 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] <... set_robust_list resumed>) = 0 [pid 5508] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... futex resumed>) = 0 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5510] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5510] read(6, [pid 5509] <... mmap resumed>) = 0x20000000 [pid 5509] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5508] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5508] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5510] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5509] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5510] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5508] <... futex resumed>) = ? [pid 5510] +++ killed by SIGBUS +++ [pid 5509] +++ killed by SIGBUS +++ [pid 5508] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5508, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5511 attached [pid 5511] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5511 [pid 5511] <... set_robust_list resumed>) = 0 [pid 5511] chdir("./145") = 0 [pid 5511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5511] setpgid(0, 0) = 0 [pid 5511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5511] write(3, "1000", 4) = 4 [pid 5511] close(3) = 0 [pid 5511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5511] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5511] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5512 attached [pid 5512] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5511] <... clone3 resumed> => {parent_tid=[5512]}, 88) = 5512 [pid 5512] <... rseq resumed>) = 0 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5511] <... futex resumed>) = 0 [pid 5512] memfd_create("syzkaller", 0 [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5512] <... memfd_create resumed>) = 3 [pid 5512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5512] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5512] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5512] close(3) = 0 [pid 5512] mkdir("./file0", 0777) = 0 [pid 5512] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5512] chdir("./file0") = 0 [pid 5512] ioctl(4, LOOP_CLR_FD) = 0 [pid 5512] close(4) = 0 [ 179.875910][ T5512] loop0: detected capacity change from 0 to 2048 [ 179.900671][ T5512] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 179.913162][ T5512] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5512] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... open resumed>) = 4 [pid 5512] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5512] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5512] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5512] ftruncate(5, 33587199 [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... ftruncate resumed>) = 0 [pid 5512] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5512] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5512] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5511] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5511] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5512] <... mmap resumed>) = 0x20000000 [pid 5512] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5513 attached ) = 0 [pid 5511] <... clone3 resumed> => {parent_tid=[5513]}, 88) = 5513 [pid 5513] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5512] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... rseq resumed>) = 0 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] set_robust_list(0x7f50e61579a0, 24 [pid 5511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] <... set_robust_list resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5513] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5511] <... futex resumed>) = 1 [pid 5511] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5513] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5513] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5511] <... futex resumed>) = 1 [pid 5512] read(6, [pid 5511] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5511] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5511] <... futex resumed>) = 1 [pid 5511] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5513] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5512] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5512] ???() = ? [pid 5511] <... futex resumed>) = ? [pid 5513] +++ killed by SIGBUS +++ [pid 5512] +++ killed by SIGBUS +++ [pid 5511] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5511, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5514 attached , child_tidptr=0x55555720b690) = 5514 [pid 5514] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5514] chdir("./146") = 0 [pid 5514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5514] setpgid(0, 0) = 0 [pid 5514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5514] write(3, "1000", 4) = 4 [pid 5514] close(3) = 0 [pid 5514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5514] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5515 attached [pid 5515] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5514] <... clone3 resumed> => {parent_tid=[5515]}, 88) = 5515 [pid 5515] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], [pid 5515] rt_sigprocmask(SIG_SETMASK, [], [pid 5514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] memfd_create("syzkaller", 0 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5515] <... memfd_create resumed>) = 3 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5515] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5515] close(3) = 0 [pid 5515] mkdir("./file0", 0777) = 0 [pid 5515] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5515] chdir("./file0") = 0 [pid 5515] ioctl(4, LOOP_CLR_FD) = 0 [pid 5515] close(4) = 0 [pid 5515] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... open resumed>) = 4 [pid 5515] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5515] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... open resumed>) = 5 [ 180.655574][ T5515] loop0: detected capacity change from 0 to 2048 [ 180.679839][ T5515] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 180.692076][ T5515] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5515] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5515] ftruncate(5, 33587199 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... ftruncate resumed>) = 0 [pid 5515] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5515] <... futex resumed>) = 1 [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5514] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5515] <... mmap resumed>) = 0x20000000 [pid 5514] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5515] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5515] <... futex resumed>) = 0 [pid 5515] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5516 attached [pid 5516] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5516] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5514] <... clone3 resumed> => {parent_tid=[5516]}, 88) = 5516 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], [pid 5514] rt_sigprocmask(SIG_SETMASK, [], [pid 5516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5516] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5516] <... futex resumed>) = 1 [pid 5514] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5515] <... futex resumed>) = 0 [pid 5515] read(6, [pid 5514] <... futex resumed>) = 1 [pid 5514] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5514] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5514] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5516] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5515] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5515] +++ killed by SIGBUS +++ [pid 5514] <... futex resumed>) = ? [pid 5516] +++ killed by SIGBUS +++ [pid 5514] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5514, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5517 attached , child_tidptr=0x55555720b690) = 5517 [pid 5517] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5517] chdir("./147") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5517] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5518 attached [pid 5518] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5517] <... clone3 resumed> => {parent_tid=[5518]}, 88) = 5518 [pid 5518] set_robust_list(0x7f50e61789a0, 24 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] <... set_robust_list resumed>) = 0 [pid 5517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5517] <... futex resumed>) = 0 [pid 5518] memfd_create("syzkaller", 0 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5518] <... memfd_create resumed>) = 3 [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5518] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file0", 0777) = 0 [pid 5518] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file0") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... open resumed>) = 4 [pid 5518] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 181.335712][ T5518] loop0: detected capacity change from 0 to 2048 [ 181.350479][ T5518] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 181.363205][ T5518] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5518] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5518] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] ftruncate(5, 33587199 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... ftruncate resumed>) = 0 [pid 5518] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5517] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5518] <... mmap resumed>) = 0x20000000 [pid 5518] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5519 attached [pid 5519] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5517] <... clone3 resumed> => {parent_tid=[5519]}, 88) = 5519 [pid 5519] <... rseq resumed>) = 0 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5517] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5519] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] read(6, [pid 5517] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5517] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5519] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5518] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5517] <... futex resumed>) = ? [pid 5519] +++ killed by SIGBUS +++ [pid 5518] +++ killed by SIGBUS +++ [pid 5517] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5517, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5520 attached , child_tidptr=0x55555720b690) = 5520 [pid 5520] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5520] chdir("./148") = 0 [pid 5520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5520] setpgid(0, 0) = 0 [pid 5520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5520] write(3, "1000", 4) = 4 [pid 5520] close(3) = 0 [pid 5520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5520] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5520] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5521 attached => {parent_tid=[5521]}, 88) = 5521 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5521] set_robust_list(0x7f50e61789a0, 24 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5521] <... set_robust_list resumed>) = 0 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5521] memfd_create("syzkaller", 0) = 3 [pid 5521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5521] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5521] close(3) = 0 [pid 5521] mkdir("./file0", 0777) = 0 [pid 5521] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5521] chdir("./file0") = 0 [pid 5521] ioctl(4, LOOP_CLR_FD) = 0 [pid 5521] close(4) = 0 [pid 5521] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5520] <... futex resumed>) = 1 [pid 5521] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... open resumed>) = 4 [ 182.066713][ T5521] loop0: detected capacity change from 0 to 2048 [ 182.081059][ T5521] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 182.092995][ T5521] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5521] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5521] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5520] <... futex resumed>) = 0 [pid 5521] <... open resumed>) = 5 [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] ftruncate(5, 33587199 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... ftruncate resumed>) = 0 [pid 5521] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] <... futex resumed>) = 0 [pid 5521] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... futex resumed>) = 0 [pid 5521] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5520] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5520] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5520] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5521] <... mmap resumed>) = 0x20000000 [pid 5520] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5521] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5522 attached [pid 5522] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5520] <... clone3 resumed> => {parent_tid=[5522]}, 88) = 5522 [pid 5522] <... rseq resumed>) = 0 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] set_robust_list(0x7f50e61579a0, 24 [pid 5520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] <... set_robust_list resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5520] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... futex resumed>) = 0 [pid 5521] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5522] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5520] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] <... futex resumed>) = 0 [pid 5520] <... futex resumed>) = 1 [pid 5521] read(6, [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5520] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5520] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5520] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5522] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5521] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5520] <... futex resumed>) = ? [pid 5522] +++ killed by SIGBUS +++ [pid 5521] +++ killed by SIGBUS +++ [pid 5520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5523 attached , child_tidptr=0x55555720b690) = 5523 [pid 5523] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5523] chdir("./149") = 0 [pid 5523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5523] setpgid(0, 0) = 0 [pid 5523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5523] write(3, "1000", 4) = 4 [pid 5523] close(3) = 0 [pid 5523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5523] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5524 attached [pid 5524] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5524] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] <... clone3 resumed> => {parent_tid=[5524]}, 88) = 5524 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] memfd_create("syzkaller", 0 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5524] <... memfd_create resumed>) = 3 [pid 5524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5524] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5524] close(3) = 0 [pid 5524] mkdir("./file0", 0777) = 0 [pid 5524] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5524] chdir("./file0") = 0 [pid 5524] ioctl(4, LOOP_CLR_FD) = 0 [pid 5524] close(4) = 0 [pid 5524] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... open resumed>) = 4 [ 182.912651][ T5524] loop0: detected capacity change from 0 to 2048 [ 182.927390][ T5524] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 182.939270][ T5524] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5524] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5524] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5524] ftruncate(5, 33587199 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... ftruncate resumed>) = 0 [pid 5524] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5524] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5523] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5523] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5524] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5525 attached [pid 5524] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... clone3 resumed> => {parent_tid=[5525]}, 88) = 5525 [pid 5525] <... rseq resumed>) = 0 [pid 5524] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] set_robust_list(0x7f50e61579a0, 24 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] <... set_robust_list resumed>) = 0 [pid 5523] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5525] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5525] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... futex resumed>) = 0 [pid 5524] read(6, [pid 5523] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5523] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5523] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5524] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5525] +++ killed by SIGBUS +++ [pid 5524] +++ killed by SIGBUS +++ [pid 5523] <... futex resumed>) = ? [pid 5523] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5523, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5526 attached , child_tidptr=0x55555720b690) = 5526 [pid 5526] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5526] chdir("./150") = 0 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5526] setpgid(0, 0) = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5526] write(3, "1000", 4) = 4 [pid 5526] close(3) = 0 [pid 5526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5526] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5527 attached [pid 5527] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5526] <... clone3 resumed> => {parent_tid=[5527]}, 88) = 5527 [pid 5527] <... rseq resumed>) = 0 [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5527] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] <... futex resumed>) = 0 [pid 5527] memfd_create("syzkaller", 0 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5527] <... memfd_create resumed>) = 3 [pid 5527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5527] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5527] close(3) = 0 [pid 5527] mkdir("./file0", 0777) = 0 [pid 5527] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5527] chdir("./file0") = 0 [pid 5527] ioctl(4, LOOP_CLR_FD) = 0 [pid 5527] close(4) = 0 [ 183.627402][ T5527] loop0: detected capacity change from 0 to 2048 [ 183.652627][ T5527] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 183.664689][ T5527] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5527] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5526] <... futex resumed>) = 0 [pid 5527] <... open resumed>) = 4 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5527] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] <... open resumed>) = 5 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5527] <... futex resumed>) = 0 [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] ftruncate(5, 33587199 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... ftruncate resumed>) = 0 [pid 5527] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... futex resumed>) = 0 [pid 5527] <... futex resumed>) = 1 [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5526] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5526] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5526] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5527] <... mmap resumed>) = 0x20000000 [pid 5527] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5527] <... futex resumed>) = 0 [pid 5526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5527] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5528 attached [pid 5528] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5526] <... clone3 resumed> => {parent_tid=[5528]}, 88) = 5528 [pid 5528] <... rseq resumed>) = 0 [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] set_robust_list(0x7f50e61579a0, 24 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5528] <... set_robust_list resumed>) = 0 [pid 5526] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] <... futex resumed>) = 0 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5528] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5528] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5526] <... futex resumed>) = 1 [pid 5527] read(6, [pid 5526] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5526] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5526] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5527] <... read resumed>) = ? [pid 5528] +++ killed by SIGBUS +++ [pid 5527] +++ killed by SIGBUS +++ [pid 5526] <... futex resumed>) = ? [pid 5526] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5526, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5529 attached , child_tidptr=0x55555720b690) = 5529 [pid 5529] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5529] chdir("./151") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5529] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5530 attached [pid 5530] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5529] <... clone3 resumed> => {parent_tid=[5530]}, 88) = 5530 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] <... rseq resumed>) = 0 [pid 5530] set_robust_list(0x7f50e61789a0, 24 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] <... set_robust_list resumed>) = 0 [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] <... futex resumed>) = 0 [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5530] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./file0", 0777) = 0 [pid 5530] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./file0") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 184.421982][ T5530] loop0: detected capacity change from 0 to 2048 [ 184.437780][ T5530] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 184.449418][ T5530] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5530] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5530] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5530] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... open resumed>) = 5 [pid 5530] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] <... futex resumed>) = 0 [pid 5530] ftruncate(5, 33587199 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... ftruncate resumed>) = 0 [pid 5530] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5529] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5530] <... mmap resumed>) = 0x20000000 [pid 5530] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5530] <... futex resumed>) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5530] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5531 attached [pid 5531] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5529] <... clone3 resumed> => {parent_tid=[5531]}, 88) = 5531 [pid 5531] set_robust_list(0x7f50e61579a0, 24 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5531] <... set_robust_list resumed>) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5531] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5531] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5530] read(6, [pid 5529] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5531] <... futex resumed>) = 0 [pid 5529] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5531] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5530] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5529] <... futex resumed>) = ? [pid 5531] +++ killed by SIGBUS +++ [pid 5530] +++ killed by SIGBUS +++ [pid 5529] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5529, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5532 attached , child_tidptr=0x55555720b690) = 5532 [pid 5532] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5532] chdir("./152") = 0 [pid 5532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5532] setpgid(0, 0) = 0 [pid 5532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5532] write(3, "1000", 4) = 4 [pid 5532] close(3) = 0 [pid 5532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5532] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5532] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5533 attached [pid 5533] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5532] <... clone3 resumed> => {parent_tid=[5533]}, 88) = 5533 [pid 5533] <... rseq resumed>) = 0 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] set_robust_list(0x7f50e61789a0, 24 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] <... set_robust_list resumed>) = 0 [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5533] memfd_create("syzkaller", 0) = 3 [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5533] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5533] close(3) = 0 [pid 5533] mkdir("./file0", 0777) = 0 [pid 5533] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5533] chdir("./file0") = 0 [pid 5533] ioctl(4, LOOP_CLR_FD) = 0 [pid 5533] close(4) = 0 [pid 5533] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5533] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... open resumed>) = 4 [ 185.104655][ T5533] loop0: detected capacity change from 0 to 2048 [ 185.121531][ T5533] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 185.133608][ T5533] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5533] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5532] <... futex resumed>) = 0 [pid 5533] <... open resumed>) = 5 [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5533] ftruncate(5, 33587199 [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... ftruncate resumed>) = 0 [pid 5533] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5533] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5532] <... futex resumed>) = 0 [pid 5533] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5532] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5532] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5533] <... mmap resumed>) = 0x20000000 [pid 5532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5533] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5534 attached [pid 5532] <... clone3 resumed> => {parent_tid=[5534]}, 88) = 5534 [pid 5534] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5534] <... rseq resumed>) = 0 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5534] set_robust_list(0x7f50e61579a0, 24 [pid 5532] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... set_robust_list resumed>) = 0 [pid 5532] <... futex resumed>) = 0 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5532] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5534] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5534] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5532] <... futex resumed>) = 1 [pid 5533] read(6, [pid 5532] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5532] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5532] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5534] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5533] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5532] <... futex resumed>) = ? [pid 5534] +++ killed by SIGBUS +++ [pid 5533] +++ killed by SIGBUS +++ [pid 5532] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5535 attached , child_tidptr=0x55555720b690) = 5535 [pid 5535] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5535] chdir("./153") = 0 [pid 5535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5535] setpgid(0, 0) = 0 [pid 5535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5535] write(3, "1000", 4) = 4 [pid 5535] close(3) = 0 [pid 5535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5535] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5535] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5536 attached => {parent_tid=[5536]}, 88) = 5536 [pid 5536] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5536] <... rseq resumed>) = 0 [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5536] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5536] memfd_create("syzkaller", 0) = 3 [pid 5536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5536] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5536] close(3) = 0 [pid 5536] mkdir("./file0", 0777) = 0 [pid 5536] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5536] chdir("./file0") = 0 [pid 5536] ioctl(4, LOOP_CLR_FD) = 0 [pid 5536] close(4) = 0 [pid 5536] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5535] <... futex resumed>) = 0 [ 185.863629][ T5536] loop0: detected capacity change from 0 to 2048 [ 185.878255][ T5536] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 185.890455][ T5536] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... open resumed>) = 4 [pid 5536] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5536] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... futex resumed>) = 0 [pid 5536] ftruncate(5, 33587199) = 0 [pid 5536] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] <... futex resumed>) = 0 [pid 5536] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5535] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5535] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5536] <... mmap resumed>) = 0x20000000 [pid 5535] <... mprotect resumed>) = 0 [pid 5536] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5536] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5537 attached => {parent_tid=[5537]}, 88) = 5537 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5535] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5537] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5537] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5537] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5537] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... futex resumed>) = 0 [pid 5536] read(6, [pid 5535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5535] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5535] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5535] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5537] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5536] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5535] <... futex resumed>) = ? [pid 5537] +++ killed by SIGBUS +++ [pid 5536] +++ killed by SIGBUS +++ [pid 5535] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5538 attached [pid 5538] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5538 [pid 5538] <... set_robust_list resumed>) = 0 [pid 5538] chdir("./154") = 0 [pid 5538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5538] setpgid(0, 0) = 0 [pid 5538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5538] write(3, "1000", 4) = 4 [pid 5538] close(3) = 0 [pid 5538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5538] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5538] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5539 attached [pid 5539] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5539] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5538] <... clone3 resumed> => {parent_tid=[5539]}, 88) = 5539 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5539] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] <... futex resumed>) = 0 [pid 5539] memfd_create("syzkaller", 0 [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5539] <... memfd_create resumed>) = 3 [pid 5539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5539] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5539] close(3) = 0 [pid 5539] mkdir("./file0", 0777) = 0 [pid 5539] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5539] chdir("./file0") = 0 [pid 5539] ioctl(4, LOOP_CLR_FD) = 0 [pid 5539] close(4) = 0 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... open resumed>) = 4 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5539] <... futex resumed>) = 1 [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... open resumed>) = 5 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] ftruncate(5, 33587199 [pid 5538] <... futex resumed>) = 0 [ 186.574207][ T5539] loop0: detected capacity change from 0 to 2048 [ 186.600374][ T5539] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 186.612687][ T5539] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... ftruncate resumed>) = 0 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5538] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5538] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5539] <... mmap resumed>) = 0x20000000 [pid 5538] <... mprotect resumed>) = 0 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5539] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5540 attached [pid 5540] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5538] <... clone3 resumed> => {parent_tid=[5540]}, 88) = 5540 [pid 5540] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5540] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5540] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5538] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] read(6, [pid 5538] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5538] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 0 [pid 5540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5539] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5539] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] ???() = ? [pid 5538] <... futex resumed>) = ? [pid 5540] +++ killed by SIGBUS +++ [pid 5539] +++ killed by SIGBUS +++ [pid 5538] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5541 attached , child_tidptr=0x55555720b690) = 5541 [pid 5541] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5541] chdir("./155") = 0 [pid 5541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5541] setpgid(0, 0) = 0 [pid 5541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5541] write(3, "1000", 4) = 4 [pid 5541] close(3) = 0 [pid 5541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5541] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5542 attached [pid 5542] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5541] <... clone3 resumed> => {parent_tid=[5542]}, 88) = 5542 [pid 5542] set_robust_list(0x7f50e61789a0, 24 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] <... set_robust_list resumed>) = 0 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] memfd_create("syzkaller", 0 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5542] <... memfd_create resumed>) = 3 [pid 5542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5542] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5542] close(3) = 0 [pid 5542] mkdir("./file0", 0777) = 0 [pid 5542] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5542] chdir("./file0") = 0 [pid 5542] ioctl(4, LOOP_CLR_FD) = 0 [pid 5542] close(4) = 0 [pid 5542] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... open resumed>) = 4 [ 187.311991][ T5542] loop0: detected capacity change from 0 to 2048 [ 187.328060][ T5542] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 187.340250][ T5542] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5542] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... open resumed>) = 5 [pid 5542] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5542] ftruncate(5, 33587199 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... ftruncate resumed>) = 0 [pid 5542] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5542] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5541] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5542] <... mmap resumed>) = 0x20000000 [pid 5541] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5542] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] <... mprotect resumed>) = 0 [pid 5541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5543 attached [pid 5543] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5541] <... clone3 resumed> => {parent_tid=[5543]}, 88) = 5543 [pid 5543] <... rseq resumed>) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5543] set_robust_list(0x7f50e61579a0, 24 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5543] <... set_robust_list resumed>) = 0 [pid 5541] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5543] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5543] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 0 [pid 5542] read(6, [pid 5541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5541] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [pid 5541] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20079000} --- [pid 5542] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 208768 [pid 5543] +++ killed by SIGBUS +++ [pid 5542] +++ killed by SIGBUS +++ [pid 5541] <... futex resumed>) = ? [pid 5541] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5544 attached , child_tidptr=0x55555720b690) = 5544 [pid 5544] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5544] chdir("./156") = 0 [pid 5544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5544] setpgid(0, 0) = 0 [pid 5544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5544] write(3, "1000", 4) = 4 [pid 5544] close(3) = 0 [pid 5544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5544] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5545 attached => {parent_tid=[5545]}, 88) = 5545 [pid 5545] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5545] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5545] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5545] memfd_create("syzkaller", 0) = 3 [pid 5545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5545] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5545] close(3) = 0 [pid 5545] mkdir("./file0", 0777) = 0 [pid 5545] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5545] chdir("./file0") = 0 [ 188.076931][ T5545] loop0: detected capacity change from 0 to 2048 [ 188.102927][ T5545] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 188.115189][ T5545] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5545] ioctl(4, LOOP_CLR_FD) = 0 [pid 5545] close(4) = 0 [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5545] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... open resumed>) = 4 [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] ftruncate(5, 33587199 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... ftruncate resumed>) = 0 [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5544] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5544] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5545] <... mmap resumed>) = 0x20000000 [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] <... mprotect resumed>) = 0 [pid 5545] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5546 attached [pid 5546] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5544] <... clone3 resumed> => {parent_tid=[5546]}, 88) = 5546 [pid 5546] <... rseq resumed>) = 0 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5546] set_robust_list(0x7f50e61579a0, 24 [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5546] <... set_robust_list resumed>) = 0 [pid 5544] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], [pid 5544] <... futex resumed>) = 0 [pid 5546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5544] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5546] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5546] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5545] read(6, [pid 5544] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5544] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5544] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5546] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5545] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5545] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5545] +++ killed by SIGBUS +++ [pid 5544] <... futex resumed>) = ? [pid 5546] +++ killed by SIGBUS +++ [pid 5544] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5544, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5547 attached , child_tidptr=0x55555720b690) = 5547 [pid 5547] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5547] chdir("./157") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5547] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5548 attached [pid 5548] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5547] <... clone3 resumed> => {parent_tid=[5548]}, 88) = 5548 [pid 5548] <... rseq resumed>) = 0 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5548] set_robust_list(0x7f50e61789a0, 24 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5548] <... set_robust_list resumed>) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] <... futex resumed>) = 0 [pid 5548] memfd_create("syzkaller", 0 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5548] <... memfd_create resumed>) = 3 [pid 5548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5548] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5548] close(3) = 0 [pid 5548] mkdir("./file0", 0777) = 0 [pid 5548] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5548] chdir("./file0") = 0 [pid 5548] ioctl(4, LOOP_CLR_FD) = 0 [pid 5548] close(4) = 0 [pid 5548] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... open resumed>) = 4 [pid 5548] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [ 188.927094][ T5548] loop0: detected capacity change from 0 to 2048 [ 188.952510][ T5548] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 188.964778][ T5548] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5548] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5548] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5548] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] ftruncate(5, 33587199 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... ftruncate resumed>) = 0 [pid 5548] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = 1 [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5547] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5548] <... mmap resumed>) = 0x20000000 [pid 5547] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5548] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... mprotect resumed>) = 0 [pid 5548] <... futex resumed>) = 0 [pid 5547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5548] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5547] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5549] <... rseq resumed>) = 0 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] set_robust_list(0x7f50e61579a0, 24 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] <... set_robust_list resumed>) = 0 [pid 5547] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5549] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5549] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... futex resumed>) = 0 [pid 5548] read(6, [pid 5547] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5547] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5547] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5548] <... read resumed>) = ? [pid 5547] <... futex resumed>) = ? [pid 5549] +++ killed by SIGBUS +++ [pid 5548] +++ killed by SIGBUS +++ [pid 5547] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5547, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5550 attached , child_tidptr=0x55555720b690) = 5550 [pid 5550] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5550] chdir("./158") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5550] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5550] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5551 attached => {parent_tid=[5551]}, 88) = 5551 [pid 5551] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5551] set_robust_list(0x7f50e61789a0, 24 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5551] <... set_robust_list resumed>) = 0 [pid 5551] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5550] <... futex resumed>) = 0 [pid 5551] memfd_create("syzkaller", 0 [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5551] <... memfd_create resumed>) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5551] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] mkdir("./file0", 0777) = 0 [pid 5551] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./file0") = 0 [pid 5551] ioctl(4, LOOP_CLR_FD) = 0 [pid 5551] close(4) = 0 [pid 5551] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... open resumed>) = 4 [ 189.632669][ T5551] loop0: detected capacity change from 0 to 2048 [ 189.650049][ T5551] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 189.662370][ T5551] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5551] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5551] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5551] ftruncate(5, 33587199 [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... ftruncate resumed>) = 0 [pid 5551] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 0 [pid 5551] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5550] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5551] <... mmap resumed>) = 0x20000000 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5551] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5552]}, 88) = 5552 ./strace-static-x86_64: Process 5552 attached [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5552] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] set_robust_list(0x7f50e61579a0, 24 [pid 5550] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... set_robust_list resumed>) = 0 [pid 5550] <... futex resumed>) = 0 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5552] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5552] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] read(6, [pid 5550] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5550] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5551] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5551] ???() = ? [pid 5551] +++ killed by SIGBUS +++ [pid 5550] <... futex resumed>) = ? [pid 5552] +++ killed by SIGBUS +++ [pid 5550] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5550, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5553 attached , child_tidptr=0x55555720b690) = 5553 [pid 5553] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5553] chdir("./159") = 0 [pid 5553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5553] setpgid(0, 0) = 0 [pid 5553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5553] write(3, "1000", 4) = 4 [pid 5553] close(3) = 0 [pid 5553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5553] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5553] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5554 attached [pid 5554] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5553] <... clone3 resumed> => {parent_tid=[5554]}, 88) = 5554 [pid 5554] <... rseq resumed>) = 0 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], [pid 5554] set_robust_list(0x7f50e61789a0, 24 [pid 5553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] <... set_robust_list resumed>) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5553] <... futex resumed>) = 0 [pid 5554] memfd_create("syzkaller", 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5554] <... memfd_create resumed>) = 3 [pid 5554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5554] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5554] close(3) = 0 [pid 5554] mkdir("./file0", 0777) = 0 [pid 5554] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5554] chdir("./file0") = 0 [pid 5554] ioctl(4, LOOP_CLR_FD) = 0 [pid 5554] close(4) = 0 [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... futex resumed>) = 0 [pid 5554] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5553] <... futex resumed>) = 0 [pid 5554] <... open resumed>) = 5 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 190.266370][ T5554] loop0: detected capacity change from 0 to 2048 [ 190.281521][ T5554] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 190.293602][ T5554] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5554] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] ftruncate(5, 33587199 [pid 5553] <... futex resumed>) = 0 [pid 5554] <... ftruncate resumed>) = 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... mmap resumed>) = 0x20000000 [pid 5553] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... futex resumed>) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5554] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = 0 [pid 5553] <... futex resumed>) = 1 [pid 5554] read(6, [pid 5553] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5553] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5553] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5553] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5555 attached => {parent_tid=[5555]}, 88) = 5555 [pid 5555] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], [pid 5555] <... rseq resumed>) = 0 [pid 5553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] set_robust_list(0x7f50e61579a0, 24 [pid 5553] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... set_robust_list resumed>) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] <... futex resumed>) = 0 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5553] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20064000} --- [pid 5554] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 294784 [pid 5554] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5554] +++ killed by SIGBUS +++ [pid 5553] <... futex resumed>) = ? [pid 5555] +++ killed by SIGBUS +++ [pid 5553] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5553, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5556 attached , child_tidptr=0x55555720b690) = 5556 [pid 5556] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5556] chdir("./160") = 0 [pid 5556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5556] setpgid(0, 0) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5556] write(3, "1000", 4) = 4 [pid 5556] close(3) = 0 [pid 5556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5556] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5556] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5557 attached => {parent_tid=[5557]}, 88) = 5557 [pid 5557] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5557] set_robust_list(0x7f50e61789a0, 24 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5557] <... set_robust_list resumed>) = 0 [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5557] memfd_create("syzkaller", 0) = 3 [pid 5557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5557] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5557] close(3) = 0 [pid 5557] mkdir("./file0", 0777) = 0 [pid 5557] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5557] chdir("./file0") = 0 [pid 5557] ioctl(4, LOOP_CLR_FD) = 0 [pid 5557] close(4) = 0 [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 191.042084][ T5557] loop0: detected capacity change from 0 to 2048 [ 191.059259][ T5557] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 191.071310][ T5557] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5557] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5557] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] ftruncate(5, 33587199 [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... ftruncate resumed>) = 0 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5557] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5557] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5556] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5556] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5557] <... mmap resumed>) = 0x20000000 [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5558 attached [pid 5558] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5556] <... clone3 resumed> => {parent_tid=[5558]}, 88) = 5558 [pid 5558] <... rseq resumed>) = 0 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5558] set_robust_list(0x7f50e61579a0, 24 [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5558] <... set_robust_list resumed>) = 0 [pid 5556] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] <... futex resumed>) = 0 [pid 5558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5558] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5558] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5557] read(6, [pid 5556] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5556] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5556] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5557] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5557] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5556] <... futex resumed>) = ? [pid 5558] +++ killed by SIGBUS +++ [pid 5557] +++ killed by SIGBUS +++ [pid 5556] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5556, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5559 attached , child_tidptr=0x55555720b690) = 5559 [pid 5559] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5559] chdir("./161") = 0 [pid 5559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5559] setpgid(0, 0) = 0 [pid 5559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5559] write(3, "1000", 4) = 4 [pid 5559] close(3) = 0 [pid 5559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5559] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5559] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5560 attached [pid 5560] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5559] <... clone3 resumed> => {parent_tid=[5560]}, 88) = 5560 [pid 5560] <... rseq resumed>) = 0 [pid 5560] set_robust_list(0x7f50e61789a0, 24 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], [pid 5560] <... set_robust_list resumed>) = 0 [pid 5559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5559] <... futex resumed>) = 0 [pid 5560] memfd_create("syzkaller", 0 [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5560] <... memfd_create resumed>) = 3 [pid 5560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5560] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5560] close(3) = 0 [pid 5560] mkdir("./file0", 0777) = 0 [pid 5560] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5560] chdir("./file0") = 0 [pid 5560] ioctl(4, LOOP_CLR_FD) = 0 [pid 5560] close(4) = 0 [pid 5560] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... open resumed>) = 4 [pid 5560] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... open resumed>) = 5 [ 191.684821][ T5560] loop0: detected capacity change from 0 to 2048 [ 191.695058][ T5560] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 191.708113][ T5560] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5560] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5559] <... futex resumed>) = 1 [pid 5560] ftruncate(5, 33587199 [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... ftruncate resumed>) = 0 [pid 5560] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] <... futex resumed>) = 0 [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5559] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5559] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5559] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5560] <... mmap resumed>) = 0x20000000 [pid 5560] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5560] <... futex resumed>) = 0 [pid 5559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5560] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5561 attached [pid 5561] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5559] <... clone3 resumed> => {parent_tid=[5561]}, 88) = 5561 [pid 5561] <... rseq resumed>) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] set_robust_list(0x7f50e61579a0, 24 [pid 5559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] <... set_robust_list resumed>) = 0 [pid 5559] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5559] <... futex resumed>) = 0 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5559] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5561] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] <... futex resumed>) = 0 [pid 5559] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5559] <... futex resumed>) = 1 [pid 5560] read(6, [pid 5559] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5559] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5559] <... futex resumed>) = 1 [pid 5559] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5561] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5560] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5559] <... futex resumed>) = ? [pid 5561] +++ killed by SIGBUS +++ [pid 5560] +++ killed by SIGBUS +++ [pid 5559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5562 attached , child_tidptr=0x55555720b690) = 5562 [pid 5562] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5562] chdir("./162") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5562] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5563] <... rseq resumed>) = 0 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] set_robust_list(0x7f50e61789a0, 24 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] <... set_robust_list resumed>) = 0 [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5563] memfd_create("syzkaller", 0 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] <... memfd_create resumed>) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5563] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] mkdir("./file0", 0777) = 0 [pid 5563] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./file0") = 0 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... open resumed>) = 4 [pid 5563] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... open resumed>) = 5 [pid 5563] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] ftruncate(5, 33587199 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... ftruncate resumed>) = 0 [ 192.289773][ T5563] loop0: detected capacity change from 0 to 2048 [ 192.318151][ T5563] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 192.330144][ T5563] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5563] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5562] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5562] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5563] <... mmap resumed>) = 0x20000000 [pid 5562] <... mprotect resumed>) = 0 [pid 5563] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5563] <... futex resumed>) = 0 [pid 5562] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5564 attached [pid 5564] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5562] <... clone3 resumed> => {parent_tid=[5564]}, 88) = 5564 [pid 5564] set_robust_list(0x7f50e61579a0, 24 [pid 5563] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5564] <... set_robust_list resumed>) = 0 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5564] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5564] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5564] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5563] read(6, [pid 5562] <... futex resumed>) = 1 [pid 5562] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5562] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5562] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5563] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5564] +++ killed by SIGBUS +++ [pid 5562] <... futex resumed>) = ? [pid 5563] +++ killed by SIGBUS +++ [pid 5562] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5562, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5565 attached [pid 5565] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5565 [pid 5565] <... set_robust_list resumed>) = 0 [pid 5565] chdir("./163") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5565] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5566 attached [pid 5566] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5565] <... clone3 resumed> => {parent_tid=[5566]}, 88) = 5566 [pid 5566] set_robust_list(0x7f50e61789a0, 24 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5566] <... set_robust_list resumed>) = 0 [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5566] rt_sigprocmask(SIG_SETMASK, [], [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5565] <... futex resumed>) = 0 [pid 5566] memfd_create("syzkaller", 0 [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5566] <... memfd_create resumed>) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5566] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] mkdir("./file0", 0777) = 0 [pid 5566] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./file0") = 0 [pid 5566] ioctl(4, LOOP_CLR_FD) = 0 [pid 5566] close(4) = 0 [pid 5566] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 192.990358][ T5566] loop0: detected capacity change from 0 to 2048 [ 193.006116][ T5566] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 193.017945][ T5566] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 4 [pid 5566] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 5 [pid 5566] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5566] ftruncate(5, 33587199 [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... ftruncate resumed>) = 0 [pid 5566] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5566] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5565] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5565] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5567 attached [pid 5567] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5566] <... mmap resumed>) = 0x20000000 [pid 5565] <... clone3 resumed> => {parent_tid=[5567]}, 88) = 5567 [pid 5567] <... rseq resumed>) = 0 [pid 5567] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5567] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5565] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] <... futex resumed>) = 0 [pid 5566] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... futex resumed>) = 1 [pid 5567] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5565] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... openat resumed>) = 6 [pid 5567] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5567] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... futex resumed>) = 0 [pid 5566] read(6, [pid 5565] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5565] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5567] <... futex resumed>) = 0 [pid 5567] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5566] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5565] <... futex resumed>) = ? [pid 5567] +++ killed by SIGBUS +++ [pid 5566] +++ killed by SIGBUS +++ [pid 5565] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5565, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5568 attached , child_tidptr=0x55555720b690) = 5568 [pid 5568] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5568] chdir("./164") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5568] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5569 attached [pid 5569] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5568] <... clone3 resumed> => {parent_tid=[5569]}, 88) = 5569 [pid 5569] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], [pid 5569] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5568] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] memfd_create("syzkaller", 0 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5569] <... memfd_create resumed>) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5569] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] mkdir("./file0", 0777) = 0 [pid 5569] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./file0") = 0 [pid 5569] ioctl(4, LOOP_CLR_FD) = 0 [pid 5569] close(4) = 0 [pid 5569] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] <... futex resumed>) = 0 [pid 5569] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 193.735329][ T5569] loop0: detected capacity change from 0 to 2048 [ 193.764193][ T5569] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 193.775866][ T5569] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5568] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... open resumed>) = 4 [pid 5569] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5568] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... open resumed>) = 5 [pid 5569] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] ftruncate(5, 33587199 [pid 5568] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... ftruncate resumed>) = 0 [pid 5569] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5569] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... futex resumed>) = 0 [pid 5569] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5568] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5568] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5568] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5570 attached [pid 5570] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5568] <... clone3 resumed> => {parent_tid=[5570]}, 88) = 5570 [pid 5570] <... rseq resumed>) = 0 [pid 5570] set_robust_list(0x7f50e61579a0, 24 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] <... set_robust_list resumed>) = 0 [pid 5568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5570] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5570] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] <... futex resumed>) = 0 [pid 5570] read(6, [pid 5568] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5568] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5568] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5571 attached [pid 5571] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5568] <... clone3 resumed> => {parent_tid=[5571]}, 88) = 5571 [pid 5571] <... rseq resumed>) = 0 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] set_robust_list(0x7f50e61369a0, 24 [pid 5568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... set_robust_list resumed>) = 0 [pid 5568] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] <... futex resumed>) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5568] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5569] <... mmap resumed>) = 0x20000000 [pid 5569] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5570] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5569] <... futex resumed>) = ? [pid 5569] +++ killed by SIGBUS +++ [pid 5568] <... futex resumed>) = ? [pid 5571] +++ killed by SIGBUS +++ [pid 5570] +++ killed by SIGBUS +++ [pid 5568] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5568, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5572 attached [pid 5572] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5572 [pid 5572] <... set_robust_list resumed>) = 0 [pid 5572] chdir("./165") = 0 [pid 5572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5572] setpgid(0, 0) = 0 [pid 5572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5572] write(3, "1000", 4) = 4 [pid 5572] close(3) = 0 [pid 5572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5572] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5573 attached [pid 5573] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] <... clone3 resumed> => {parent_tid=[5573]}, 88) = 5573 [pid 5573] set_robust_list(0x7f50e61789a0, 24 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], [pid 5573] <... set_robust_list resumed>) = 0 [pid 5572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5572] <... futex resumed>) = 0 [pid 5573] memfd_create("syzkaller", 0 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5573] <... memfd_create resumed>) = 3 [pid 5573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5573] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5573] close(3) = 0 [pid 5573] mkdir("./file0", 0777) = 0 [pid 5573] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5573] chdir("./file0") = 0 [pid 5573] ioctl(4, LOOP_CLR_FD) = 0 [pid 5573] close(4) = 0 [pid 5573] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... open resumed>) = 4 [pid 5573] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [ 194.461054][ T5573] loop0: detected capacity change from 0 to 2048 [ 194.476525][ T5573] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 194.490202][ T5573] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5572] <... futex resumed>) = 0 [pid 5573] <... open resumed>) = 5 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] ftruncate(5, 33587199 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... ftruncate resumed>) = 0 [pid 5573] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5573] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5572] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5573] <... mmap resumed>) = 0x20000000 [pid 5573] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... mmap resumed>) = 0x7f50e6137000 [pid 5572] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5574 attached => {parent_tid=[5574]}, 88) = 5574 [pid 5574] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] set_robust_list(0x7f50e61579a0, 24 [pid 5572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5574] <... set_robust_list resumed>) = 0 [pid 5572] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5572] <... futex resumed>) = 0 [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5572] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5574] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5574] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5573] read(6, [pid 5572] <... futex resumed>) = 1 [pid 5572] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5572] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5572] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5574] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5573] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5572] <... futex resumed>) = ? [pid 5574] +++ killed by SIGBUS +++ [pid 5573] +++ killed by SIGBUS +++ [pid 5572] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5572, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555720b690) = 5575 ./strace-static-x86_64: Process 5575 attached [pid 5575] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5575] chdir("./166") = 0 [pid 5575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5575] setpgid(0, 0) = 0 [pid 5575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5575] write(3, "1000", 4) = 4 [pid 5575] close(3) = 0 [pid 5575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5575] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5575] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5576 attached [pid 5576] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5575] <... clone3 resumed> => {parent_tid=[5576]}, 88) = 5576 [pid 5576] <... rseq resumed>) = 0 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5576] set_robust_list(0x7f50e61789a0, 24 [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5576] <... set_robust_list resumed>) = 0 [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] <... futex resumed>) = 0 [pid 5576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5576] memfd_create("syzkaller", 0) = 3 [pid 5576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5576] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5576] close(3) = 0 [pid 5576] mkdir("./file0", 0777) = 0 [ 195.180990][ T5576] loop0: detected capacity change from 0 to 2048 [ 195.213481][ T5576] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5576] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5576] chdir("./file0") = 0 [pid 5576] ioctl(4, LOOP_CLR_FD) = 0 [pid 5576] close(4) = 0 [pid 5576] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 195.225654][ T5576] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] <... open resumed>) = 4 [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] <... open resumed>) = 5 [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] ftruncate(5, 33587199) = 0 [pid 5576] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5575] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5575] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5577 attached [pid 5577] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5577] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5575] <... clone3 resumed> => {parent_tid=[5577]}, 88) = 5577 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5576] <... mmap resumed>) = 0x20000000 [pid 5577] <... openat resumed>) = 6 [pid 5577] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 0 [pid 5577] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] <... futex resumed>) = 0 [pid 5576] read(6, [pid 5575] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5575] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5575] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5576] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5575] <... futex resumed>) = ? [pid 5577] +++ killed by SIGBUS +++ [pid 5576] +++ killed by SIGBUS +++ [pid 5575] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5575, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5578 attached , child_tidptr=0x55555720b690) = 5578 [pid 5578] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5578] chdir("./167") = 0 [pid 5578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5578] setpgid(0, 0) = 0 [pid 5578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5578] write(3, "1000", 4) = 4 [pid 5578] close(3) = 0 [pid 5578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5578] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5579 attached [pid 5579] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5578] <... clone3 resumed> => {parent_tid=[5579]}, 88) = 5579 [pid 5579] <... rseq resumed>) = 0 [pid 5579] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], [pid 5579] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5579] memfd_create("syzkaller", 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5579] <... memfd_create resumed>) = 3 [pid 5579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5579] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5579] close(3) = 0 [pid 5579] mkdir("./file0", 0777) = 0 [pid 5579] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5579] chdir("./file0") = 0 [pid 5579] ioctl(4, LOOP_CLR_FD) = 0 [pid 5579] close(4) = 0 [pid 5579] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 195.826212][ T5579] loop0: detected capacity change from 0 to 2048 [ 195.836604][ T5579] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 195.848612][ T5579] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5579] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5579] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5579] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5579] <... futex resumed>) = 1 [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] ftruncate(5, 33587199 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... ftruncate resumed>) = 0 [pid 5579] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5579] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5578] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5578] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5579] <... mmap resumed>) = 0x20000000 [pid 5578] <... mprotect resumed>) = 0 [pid 5579] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5579] <... futex resumed>) = 0 [pid 5578] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5579] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5580 attached [pid 5580] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5578] <... clone3 resumed> => {parent_tid=[5580]}, 88) = 5580 [pid 5580] <... rseq resumed>) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], [pid 5580] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5580] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5580] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5580] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5578] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] read(6, [pid 5578] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5578] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5578] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5579] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5578] <... futex resumed>) = ? [pid 5579] +++ killed by SIGBUS +++ [pid 5580] +++ killed by SIGBUS +++ [pid 5578] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5578, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5581 attached , child_tidptr=0x55555720b690) = 5581 [pid 5581] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5581] chdir("./168") = 0 [pid 5581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5581] setpgid(0, 0) = 0 [pid 5581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5581] write(3, "1000", 4) = 4 [pid 5581] close(3) = 0 [pid 5581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5581] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5582 attached [pid 5582] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5581] <... clone3 resumed> => {parent_tid=[5582]}, 88) = 5582 [pid 5582] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] memfd_create("syzkaller", 0 [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5582] <... memfd_create resumed>) = 3 [pid 5582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5582] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5582] close(3) = 0 [pid 5582] mkdir("./file0", 0777) = 0 [pid 5582] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5582] chdir("./file0") = 0 [pid 5582] ioctl(4, LOOP_CLR_FD) = 0 [pid 5582] close(4) = 0 [ 196.549656][ T5582] loop0: detected capacity change from 0 to 2048 [ 196.565498][ T5582] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 196.578000][ T5582] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5582] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... open resumed>) = 4 [pid 5582] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5581] <... futex resumed>) = 0 [pid 5582] <... open resumed>) = 5 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] ftruncate(5, 33587199 [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... ftruncate resumed>) = 0 [pid 5582] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = 0 [pid 5582] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5581] <... futex resumed>) = 1 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5581] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5581] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5582] <... mmap resumed>) = 0x20000000 [pid 5581] <... mprotect resumed>) = 0 [pid 5582] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5582] <... futex resumed>) = 0 [pid 5581] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5583 attached [pid 5582] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5581] <... clone3 resumed> => {parent_tid=[5583]}, 88) = 5583 [pid 5583] set_robust_list(0x7f50e61579a0, 24 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], [pid 5583] <... set_robust_list resumed>) = 0 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5583] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5583] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] read(6, [pid 5581] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5581] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5581] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5583] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5582] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5581] <... futex resumed>) = ? [pid 5583] +++ killed by SIGBUS +++ [pid 5582] +++ killed by SIGBUS +++ [pid 5581] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5581, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5584 attached , child_tidptr=0x55555720b690) = 5584 [pid 5584] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5584] chdir("./169") = 0 [pid 5584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5584] setpgid(0, 0) = 0 [pid 5584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5584] write(3, "1000", 4) = 4 [pid 5584] close(3) = 0 [pid 5584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5584] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5585 attached [pid 5585] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5585] set_robust_list(0x7f50e61789a0, 24 [pid 5584] <... clone3 resumed> => {parent_tid=[5585]}, 88) = 5585 [pid 5585] <... set_robust_list resumed>) = 0 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] memfd_create("syzkaller", 0 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5585] <... memfd_create resumed>) = 3 [pid 5585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5585] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5585] close(3) = 0 [pid 5585] mkdir("./file0", 0777) = 0 [pid 5585] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5585] chdir("./file0") = 0 [pid 5585] ioctl(4, LOOP_CLR_FD) = 0 [pid 5585] close(4) = 0 [pid 5585] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5585] <... futex resumed>) = 1 [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... open resumed>) = 4 [pid 5585] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] <... futex resumed>) = 0 [pid 5585] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... open resumed>) = 5 [ 197.279223][ T5585] loop0: detected capacity change from 0 to 2048 [ 197.295178][ T5585] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 197.307249][ T5585] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5585] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] ftruncate(5, 33587199 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] <... ftruncate resumed>) = 0 [pid 5585] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] <... futex resumed>) = 0 [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5584] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5584] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5585] <... mmap resumed>) = 0x20000000 [pid 5584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5585] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5585] <... futex resumed>) = 0 [pid 5584] <... clone3 resumed> => {parent_tid=[5586]}, 88) = 5586 [pid 5586] <... rseq resumed>) = 0 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5586] set_robust_list(0x7f50e61579a0, 24 [pid 5585] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5586] <... set_robust_list resumed>) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5586] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5586] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5585] read(6, [pid 5584] <... futex resumed>) = 1 [pid 5584] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5584] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5584] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5586] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5585] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5584] <... futex resumed>) = ? [pid 5586] +++ killed by SIGBUS +++ [pid 5585] +++ killed by SIGBUS +++ [pid 5584] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5587 attached , child_tidptr=0x55555720b690) = 5587 [pid 5587] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5587] chdir("./170") = 0 [pid 5587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5587] setpgid(0, 0) = 0 [pid 5587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5587] write(3, "1000", 4) = 4 [pid 5587] close(3) = 0 [pid 5587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5587] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5587] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5588 attached [pid 5588] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5587] <... clone3 resumed> => {parent_tid=[5588]}, 88) = 5588 [pid 5588] <... rseq resumed>) = 0 [pid 5588] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5588] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5588] memfd_create("syzkaller", 0) = 3 [pid 5588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5588] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5588] close(3) = 0 [pid 5588] mkdir("./file0", 0777) = 0 [pid 5588] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5588] chdir("./file0") = 0 [pid 5588] ioctl(4, LOOP_CLR_FD) = 0 [pid 5588] close(4) = 0 [pid 5588] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5587] <... futex resumed>) = 0 [ 198.014649][ T5588] loop0: detected capacity change from 0 to 2048 [ 198.031927][ T5588] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 198.044666][ T5588] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5588] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... futex resumed>) = 0 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5587] <... futex resumed>) = 0 [pid 5588] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5588] ftruncate(5, 33587199 [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... ftruncate resumed>) = 0 [pid 5588] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5587] <... futex resumed>) = 0 [pid 5588] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5587] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5587] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5588] <... mmap resumed>) = 0x20000000 [pid 5588] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... mprotect resumed>) = 0 [pid 5588] <... futex resumed>) = 0 [pid 5587] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5588] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5589 attached => {parent_tid=[5589]}, 88) = 5589 [pid 5589] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5587] rt_sigprocmask(SIG_SETMASK, [], [pid 5589] set_robust_list(0x7f50e61579a0, 24 [pid 5587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5589] <... set_robust_list resumed>) = 0 [pid 5587] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] rt_sigprocmask(SIG_SETMASK, [], [pid 5587] <... futex resumed>) = 0 [pid 5589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5587] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5589] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5587] <... futex resumed>) = 1 [pid 5588] read(6, [pid 5587] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5587] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 0 [pid 5587] <... futex resumed>) = 1 [pid 5587] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5588] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5587] <... futex resumed>) = ? [pid 5589] +++ killed by SIGBUS +++ [pid 5588] +++ killed by SIGBUS +++ [pid 5587] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5587, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5590 attached , child_tidptr=0x55555720b690) = 5590 [pid 5590] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5590] chdir("./171") = 0 [pid 5590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5590] setpgid(0, 0) = 0 [pid 5590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5590] write(3, "1000", 4) = 4 [pid 5590] close(3) = 0 [pid 5590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5590] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5591 attached [pid 5591] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5590] <... clone3 resumed> => {parent_tid=[5591]}, 88) = 5591 [pid 5591] set_robust_list(0x7f50e61789a0, 24 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] <... set_robust_list resumed>) = 0 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] memfd_create("syzkaller", 0 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5591] <... memfd_create resumed>) = 3 [pid 5591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5591] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5591] close(3) = 0 [pid 5591] mkdir("./file0", 0777) = 0 [pid 5591] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5591] chdir("./file0") = 0 [pid 5591] ioctl(4, LOOP_CLR_FD) = 0 [pid 5591] close(4) = 0 [pid 5591] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... open resumed>) = 4 [ 198.674322][ T5591] loop0: detected capacity change from 0 to 2048 [ 198.690336][ T5591] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 198.702594][ T5591] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5591] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5591] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... futex resumed>) = 1 [pid 5591] ftruncate(5, 33587199) = 0 [pid 5591] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... futex resumed>) = 1 [pid 5591] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5590] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5590] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5590] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5590] <... clone3 resumed> => {parent_tid=[5592]}, 88) = 5592 [pid 5592] <... rseq resumed>) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] set_robust_list(0x7f50e61579a0, 24 [pid 5590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] <... set_robust_list resumed>) = 0 [pid 5590] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] <... futex resumed>) = 0 [pid 5592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5592] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] <... mmap resumed>) = 0x20000000 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 0 [pid 5591] <... futex resumed>) = 0 [pid 5590] <... futex resumed>) = 1 [pid 5592] read(6, [pid 5591] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5590] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5590] <... futex resumed>) = 1 [pid 5590] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5591] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5592] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5590] <... futex resumed>) = ? [pid 5592] +++ killed by SIGBUS +++ [pid 5591] +++ killed by SIGBUS +++ [pid 5590] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5593 attached , child_tidptr=0x55555720b690) = 5593 [pid 5593] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5593] chdir("./172") = 0 [pid 5593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5593] setpgid(0, 0) = 0 [pid 5593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5593] write(3, "1000", 4) = 4 [pid 5593] close(3) = 0 [pid 5593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5593] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5593] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5594 attached => {parent_tid=[5594]}, 88) = 5594 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5594] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... rseq resumed>) = 0 [pid 5593] <... futex resumed>) = 0 [pid 5594] set_robust_list(0x7f50e61789a0, 24 [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5594] <... set_robust_list resumed>) = 0 [pid 5594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5594] memfd_create("syzkaller", 0) = 3 [pid 5594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5594] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5594] close(3) = 0 [pid 5594] mkdir("./file0", 0777) = 0 [pid 5594] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5594] chdir("./file0") = 0 [pid 5594] ioctl(4, LOOP_CLR_FD) = 0 [pid 5594] close(4) = 0 [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5594] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = 1 [pid 5594] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 199.390427][ T5594] loop0: detected capacity change from 0 to 2048 [ 199.401385][ T5594] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 199.413497][ T5594] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = 1 [pid 5594] ftruncate(5, 33587199 [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... ftruncate resumed>) = 0 [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5594] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5593] <... futex resumed>) = 0 [pid 5594] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5593] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5593] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5594] <... mmap resumed>) = 0x20000000 [pid 5593] <... mprotect resumed>) = 0 [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5595 attached => {parent_tid=[5595]}, 88) = 5595 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], [pid 5595] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5595] <... rseq resumed>) = 0 [pid 5595] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5593] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5595] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5595] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] <... futex resumed>) = 0 [pid 5595] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5594] read(6, [pid 5593] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5593] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5595] <... futex resumed>) = 0 [pid 5595] memfd_create("syzkaller", 0) = 7 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5595] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5595] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5595] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5595] ioctl(8, LOOP_CLR_FD) = 0 [pid 5595] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5595] close(8) = 0 [pid 5595] close(7) = 0 [pid 5595] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... futex resumed>) = 0 [pid 5594] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 728960 [pid 5594] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] exit_group(0 [pid 5594] exit_group(0 [pid 5594] +++ exited with 0 +++ [pid 5593] <... exit_group resumed>) = ? [pid 5595] <... futex resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5593, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 [ 200.197346][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.197346][ T2805] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 200.210995][ T2805] buffer_io_error: 13 callbacks suppressed [ 200.211007][ T2805] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 200.225523][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.225523][ T2805] loop0: rw=1, sector=2048, nr_sectors = 1 limit=2048 [ 200.239118][ T2805] Buffer I/O error on dev loop0, logical block 2048, lost async page write [ 200.247924][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.247924][ T2805] loop0: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 200.261531][ T2805] Buffer I/O error on dev loop0, logical block 2049, lost async page write [ 200.270142][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.270142][ T2805] loop0: rw=1, sector=2049, nr_sectors = 1 limit=2048 [ 200.283735][ T2805] Buffer I/O error on dev loop0, logical block 2049, lost async page write [ 200.292514][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.292514][ T2805] loop0: rw=1, sector=2050, nr_sectors = 1 limit=2048 [ 200.306178][ T2805] Buffer I/O error on dev loop0, logical block 2050, lost async page write [ 200.314832][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.314832][ T2805] loop0: rw=1, sector=2050, nr_sectors = 1 limit=2048 [ 200.328412][ T2805] Buffer I/O error on dev loop0, logical block 2050, lost async page write [ 200.337061][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.337061][ T2805] loop0: rw=1, sector=2051, nr_sectors = 1 limit=2048 [ 200.350695][ T2805] Buffer I/O error on dev loop0, logical block 2051, lost async page write [ 200.359373][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.359373][ T2805] loop0: rw=1, sector=2051, nr_sectors = 1 limit=2048 [ 200.372974][ T2805] Buffer I/O error on dev loop0, logical block 2051, lost async page write [ 200.381683][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.381683][ T2805] loop0: rw=1, sector=2052, nr_sectors = 1 limit=2048 [ 200.395376][ T2805] Buffer I/O error on dev loop0, logical block 2052, lost async page write [ 200.404067][ T2805] kworker/u4:10: attempt to access beyond end of device [ 200.404067][ T2805] loop0: rw=1, sector=2052, nr_sectors = 1 limit=2048 [ 200.417703][ T2805] Buffer I/O error on dev loop0, logical block 2052, lost async page write umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached , child_tidptr=0x55555720b690) = 5596 [pid 5596] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5596] chdir("./173") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5596] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5597 attached [pid 5597] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5596] <... clone3 resumed> => {parent_tid=[5597]}, 88) = 5597 [pid 5597] <... rseq resumed>) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5597] set_robust_list(0x7f50e61789a0, 24 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5597] <... set_robust_list resumed>) = 0 [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5597] memfd_create("syzkaller", 0) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5597] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] mkdir("./file0", 0777) = 0 [pid 5597] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5597] chdir("./file0") = 0 [pid 5597] ioctl(4, LOOP_CLR_FD) = 0 [pid 5597] close(4) = 0 [pid 5597] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5597] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... open resumed>) = 4 [ 200.768805][ T5597] loop0: detected capacity change from 0 to 2048 [ 200.783423][ T5597] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 200.795473][ T5597] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5597] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5597] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] ftruncate(5, 33587199) = 0 [pid 5597] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5597] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5596] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5596] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5597] <... mmap resumed>) = 0x20000000 [pid 5596] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5597] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5598 attached [pid 5598] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5596] <... clone3 resumed> => {parent_tid=[5598]}, 88) = 5598 [pid 5598] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5598] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5596] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5598] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5598] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5597] read(6, [pid 5596] <... futex resumed>) = 1 [pid 5596] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5596] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5596] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5598] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5597] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5596] <... futex resumed>) = ? [pid 5598] +++ killed by SIGBUS +++ [pid 5597] +++ killed by SIGBUS +++ [pid 5596] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5596, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5599 attached , child_tidptr=0x55555720b690) = 5599 [pid 5599] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5599] chdir("./174") = 0 [pid 5599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5599] setpgid(0, 0) = 0 [pid 5599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5599] write(3, "1000", 4) = 4 [pid 5599] close(3) = 0 [pid 5599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5599] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5599] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5599] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5600 attached [pid 5600] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5599] <... clone3 resumed> => {parent_tid=[5600]}, 88) = 5600 [pid 5600] <... rseq resumed>) = 0 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], [pid 5600] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5600] memfd_create("syzkaller", 0 [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5600] <... memfd_create resumed>) = 3 [pid 5600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5600] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5600] close(3) = 0 [pid 5600] mkdir("./file0", 0777) = 0 [pid 5600] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5600] chdir("./file0") = 0 [pid 5600] ioctl(4, LOOP_CLR_FD) = 0 [pid 5600] close(4) = 0 [ 201.461506][ T5600] loop0: detected capacity change from 0 to 2048 [ 201.477354][ T5600] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 201.489309][ T5600] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] <... futex resumed>) = 0 [pid 5600] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... open resumed>) = 4 [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] <... futex resumed>) = 0 [pid 5600] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5599] <... futex resumed>) = 0 [pid 5600] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... open resumed>) = 5 [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] <... futex resumed>) = 1 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] ftruncate(5, 33587199) = 0 [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5599] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5599] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5600] <... mmap resumed>) = 0x20000000 [pid 5599] <... mprotect resumed>) = 0 [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5600] <... futex resumed>) = 0 [pid 5599] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5601 attached [pid 5601] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5599] <... clone3 resumed> => {parent_tid=[5601]}, 88) = 5601 [pid 5601] <... rseq resumed>) = 0 [pid 5601] set_robust_list(0x7f50e61579a0, 24 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] <... set_robust_list resumed>) = 0 [pid 5600] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], [pid 5599] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5601] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] <... futex resumed>) = 0 [pid 5601] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... futex resumed>) = 0 [pid 5600] read(6, [pid 5599] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5599] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5599] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5600] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5600] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5599] <... futex resumed>) = ? [pid 5601] +++ killed by SIGBUS +++ [pid 5600] +++ killed by SIGBUS +++ [pid 5599] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5599, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5602 attached [pid 5602] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5602 [pid 5602] <... set_robust_list resumed>) = 0 [pid 5602] chdir("./175") = 0 [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5602] write(3, "1000", 4) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5602] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5603 attached [pid 5603] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5602] <... clone3 resumed> => {parent_tid=[5603]}, 88) = 5603 [pid 5603] set_robust_list(0x7f50e61789a0, 24 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5603] <... set_robust_list resumed>) = 0 [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] <... futex resumed>) = 0 [pid 5603] memfd_create("syzkaller", 0 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5603] <... memfd_create resumed>) = 3 [pid 5603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5603] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5603] close(3) = 0 [pid 5603] mkdir("./file0", 0777) = 0 [pid 5603] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5603] chdir("./file0") = 0 [pid 5603] ioctl(4, LOOP_CLR_FD) = 0 [pid 5603] close(4) = 0 [pid 5603] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... open resumed>) = 4 [pid 5603] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5603] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... open resumed>) = 5 [pid 5603] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 202.191176][ T5603] loop0: detected capacity change from 0 to 2048 [ 202.211658][ T5603] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 202.223419][ T5603] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5603] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... futex resumed>) = 0 [pid 5603] ftruncate(5, 33587199) = 0 [pid 5603] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5603] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] <... futex resumed>) = 0 [pid 5603] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5602] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5602] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5603] <... mmap resumed>) = 0x20000000 [pid 5603] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5604 attached [pid 5604] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5602] <... clone3 resumed> => {parent_tid=[5604]}, 88) = 5604 [pid 5604] <... rseq resumed>) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5604] set_robust_list(0x7f50e61579a0, 24 [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5604] <... set_robust_list resumed>) = 0 [pid 5602] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], [pid 5602] <... futex resumed>) = 0 [pid 5604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5604] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5604] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... futex resumed>) = 0 [pid 5603] read(6, [pid 5602] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5602] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5602] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5603] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5603] +++ killed by SIGBUS +++ [pid 5602] <... futex resumed>) = ? [pid 5604] +++ killed by SIGBUS +++ [pid 5602] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5602, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5605 attached , child_tidptr=0x55555720b690) = 5605 [pid 5605] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5605] chdir("./176") = 0 [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5605] setpgid(0, 0) = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5605] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5605] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5605] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5606 attached [pid 5606] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5605] <... clone3 resumed> => {parent_tid=[5606]}, 88) = 5606 [pid 5606] set_robust_list(0x7f50e61789a0, 24 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5606] <... set_robust_list resumed>) = 0 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5605] <... futex resumed>) = 0 [pid 5606] memfd_create("syzkaller", 0 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5606] <... memfd_create resumed>) = 3 [pid 5606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5606] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5606] close(3) = 0 [pid 5606] mkdir("./file0", 0777) = 0 [pid 5606] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5606] chdir("./file0") = 0 [pid 5606] ioctl(4, LOOP_CLR_FD) = 0 [pid 5606] close(4) = 0 [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] <... futex resumed>) = 0 [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... futex resumed>) = 0 [pid 5606] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 202.829091][ T5606] loop0: detected capacity change from 0 to 2048 [ 202.845092][ T5606] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 202.857256][ T5606] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5605] <... futex resumed>) = 0 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... open resumed>) = 5 [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5605] <... futex resumed>) = 1 [pid 5606] ftruncate(5, 33587199 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... ftruncate resumed>) = 0 [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5605] <... futex resumed>) = 0 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5605] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5605] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5605] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5606] <... mmap resumed>) = 0x20000000 [pid 5605] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5607 attached [pid 5607] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5605] <... clone3 resumed> => {parent_tid=[5607]}, 88) = 5607 [pid 5607] <... rseq resumed>) = 0 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] set_robust_list(0x7f50e61579a0, 24 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] <... set_robust_list resumed>) = 0 [pid 5605] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] <... futex resumed>) = 0 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5605] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5607] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] <... futex resumed>) = 0 [pid 5605] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] read(6, [pid 5605] <... futex resumed>) = 1 [pid 5605] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5605] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5605] <... futex resumed>) = 1 [pid 5605] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5607] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006e000} --- [pid 5606] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 253824 [pid 5606] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5606] +++ killed by SIGBUS +++ [pid 5605] <... futex resumed>) = ? [pid 5607] +++ killed by SIGBUS +++ [pid 5605] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5605, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5608 attached , child_tidptr=0x55555720b690) = 5608 [pid 5608] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5608] chdir("./177") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5608] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5609 attached [pid 5609] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5608] <... clone3 resumed> => {parent_tid=[5609]}, 88) = 5609 [pid 5609] <... rseq resumed>) = 0 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5609] set_robust_list(0x7f50e61789a0, 24 [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5609] <... set_robust_list resumed>) = 0 [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] <... futex resumed>) = 0 [pid 5609] memfd_create("syzkaller", 0 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5609] <... memfd_create resumed>) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5609] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] mkdir("./file0", 0777) = 0 [pid 5609] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file0") = 0 [pid 5609] ioctl(4, LOOP_CLR_FD) = 0 [pid 5609] close(4) = 0 [pid 5609] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5609] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... open resumed>) = 4 [pid 5609] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 203.558658][ T5609] loop0: detected capacity change from 0 to 2048 [ 203.575258][ T5609] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 203.587433][ T5609] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5609] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5609] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... open resumed>) = 5 [pid 5609] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5609] ftruncate(5, 33587199 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... ftruncate resumed>) = 0 [pid 5609] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5608] <... futex resumed>) = 0 [pid 5609] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5608] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5608] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5609] <... mmap resumed>) = 0x20000000 [pid 5608] <... mprotect resumed>) = 0 [pid 5609] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5609] <... futex resumed>) = 0 [pid 5609] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5610 attached [pid 5610] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5608] <... clone3 resumed> => {parent_tid=[5610]}, 88) = 5610 [pid 5610] <... rseq resumed>) = 0 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5610] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5610] rt_sigprocmask(SIG_SETMASK, [], [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5610] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5610] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5610] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5610] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5608] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] read(6, [pid 5608] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5608] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5608] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5609] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5608] <... futex resumed>) = ? [pid 5610] +++ killed by SIGBUS +++ [pid 5609] +++ killed by SIGBUS +++ [pid 5608] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5608, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5611 attached , child_tidptr=0x55555720b690) = 5611 [pid 5611] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5611] chdir("./178") = 0 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5611] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5612 attached [pid 5612] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5611] <... clone3 resumed> => {parent_tid=[5612]}, 88) = 5612 [pid 5612] set_robust_list(0x7f50e61789a0, 24 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] <... set_robust_list resumed>) = 0 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] memfd_create("syzkaller", 0 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5612] <... memfd_create resumed>) = 3 [pid 5612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5612] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5612] close(3) = 0 [pid 5612] mkdir("./file0", 0777) = 0 [pid 5612] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5612] chdir("./file0") = 0 [pid 5612] ioctl(4, LOOP_CLR_FD) = 0 [pid 5612] close(4) = 0 [pid 5612] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] <... futex resumed>) = 0 [pid 5612] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... open resumed>) = 4 [ 204.410383][ T5612] loop0: detected capacity change from 0 to 2048 [ 204.426492][ T5612] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 204.438542][ T5612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5612] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = 0 [pid 5611] <... futex resumed>) = 1 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5612] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] <... futex resumed>) = 0 [pid 5612] ftruncate(5, 33587199 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... ftruncate resumed>) = 0 [pid 5612] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5611] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5611] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5612] <... mmap resumed>) = 0x20000000 [pid 5611] <... mprotect resumed>) = 0 [pid 5612] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5612] <... futex resumed>) = 0 [pid 5611] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5612] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5613 attached [pid 5613] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5611] <... clone3 resumed> => {parent_tid=[5613]}, 88) = 5613 [pid 5613] <... rseq resumed>) = 0 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] set_robust_list(0x7f50e61579a0, 24 [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] <... set_robust_list resumed>) = 0 [pid 5611] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5613] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5613] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = 0 [pid 5611] <... futex resumed>) = 1 [pid 5612] read(6, [pid 5611] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5611] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 0 [pid 5611] <... futex resumed>) = 1 [pid 5611] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5613] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5612] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5611] <... futex resumed>) = ? [pid 5613] +++ killed by SIGBUS +++ [pid 5612] +++ killed by SIGBUS +++ [pid 5611] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5611, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached , child_tidptr=0x55555720b690) = 5614 [pid 5614] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5614] chdir("./179") = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5614] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5615 attached => {parent_tid=[5615]}, 88) = 5615 [pid 5615] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5615] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5615] memfd_create("syzkaller", 0 [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5615] <... memfd_create resumed>) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5615] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./file0", 0777) = 0 [pid 5615] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./file0") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5614] <... futex resumed>) = 0 [ 205.171055][ T5615] loop0: detected capacity change from 0 to 2048 [ 205.196591][ T5615] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 205.208920][ T5615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... open resumed>) = 4 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5615] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... open resumed>) = 5 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] ftruncate(5, 33587199 [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... ftruncate resumed>) = 0 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5614] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5614] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5615] <... mmap resumed>) = 0x20000000 [pid 5614] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5616 attached [pid 5616] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5614] <... clone3 resumed> => {parent_tid=[5616]}, 88) = 5616 [pid 5616] set_robust_list(0x7f50e61579a0, 24 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] <... set_robust_list resumed>) = 0 [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5614] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = 0 [pid 5614] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5616] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5616] <... futex resumed>) = 1 [pid 5614] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5615] read(6, [pid 5614] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5614] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5614] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5615] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5615] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5614] <... futex resumed>) = ? [pid 5616] +++ killed by SIGBUS +++ [pid 5615] +++ killed by SIGBUS +++ [pid 5614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5617 attached , child_tidptr=0x55555720b690) = 5617 [pid 5617] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5617] chdir("./180") = 0 [pid 5617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5617] setpgid(0, 0) = 0 [pid 5617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5617] write(3, "1000", 4) = 4 [pid 5617] close(3) = 0 [pid 5617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5617] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5617] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5618 attached => {parent_tid=[5618]}, 88) = 5618 [pid 5618] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5618] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5618] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5618] memfd_create("syzkaller", 0 [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5618] <... memfd_create resumed>) = 3 [pid 5618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5618] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5618] close(3) = 0 [pid 5618] mkdir("./file0", 0777) = 0 [pid 5618] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5618] chdir("./file0") = 0 [pid 5618] ioctl(4, LOOP_CLR_FD) = 0 [pid 5618] close(4) = 0 [pid 5618] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5618] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5617] <... futex resumed>) = 0 [pid 5618] <... open resumed>) = 5 [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] ftruncate(5, 33587199 [pid 5617] <... futex resumed>) = 0 [ 205.892394][ T5618] loop0: detected capacity change from 0 to 2048 [ 205.908113][ T5618] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 205.919876][ T5618] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... ftruncate resumed>) = 0 [pid 5618] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5618] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5617] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5617] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5619 attached [pid 5619] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5619] set_robust_list(0x7f50e61579a0, 24 [pid 5618] <... mmap resumed>) = 0x20000000 [pid 5617] <... clone3 resumed> => {parent_tid=[5619]}, 88) = 5619 [pid 5619] <... set_robust_list resumed>) = 0 [pid 5618] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5619] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] <... futex resumed>) = 0 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5619] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5619] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] read(6, [pid 5617] <... futex resumed>) = 1 [pid 5617] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5617] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5617] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5618] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5617] <... futex resumed>) = ? [pid 5619] +++ killed by SIGBUS +++ [pid 5618] +++ killed by SIGBUS +++ [pid 5617] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5617, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5620 attached , child_tidptr=0x55555720b690) = 5620 [pid 5620] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5620] chdir("./181") = 0 [pid 5620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5620] setpgid(0, 0) = 0 [pid 5620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5620] write(3, "1000", 4) = 4 [pid 5620] close(3) = 0 [pid 5620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5620] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5620] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5621 attached [pid 5621] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5620] <... clone3 resumed> => {parent_tid=[5621]}, 88) = 5621 [pid 5621] set_robust_list(0x7f50e61789a0, 24 [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] <... set_robust_list resumed>) = 0 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... futex resumed>) = 0 [pid 5621] memfd_create("syzkaller", 0 [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5621] <... memfd_create resumed>) = 3 [pid 5621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5621] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5621] close(3) = 0 [pid 5621] mkdir("./file0", 0777) = 0 [pid 5621] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5621] chdir("./file0") = 0 [pid 5621] ioctl(4, LOOP_CLR_FD) = 0 [pid 5621] close(4) = 0 [pid 5621] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 206.659424][ T5621] loop0: detected capacity change from 0 to 2048 [ 206.685714][ T5621] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 206.697589][ T5621] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... open resumed>) = 4 [pid 5621] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5620] <... futex resumed>) = 0 [pid 5621] <... open resumed>) = 5 [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] <... futex resumed>) = 0 [pid 5621] ftruncate(5, 33587199 [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... ftruncate resumed>) = 0 [pid 5621] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5620] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5620] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5621] <... mmap resumed>) = 0x20000000 [pid 5621] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5622 attached [pid 5622] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5620] <... clone3 resumed> => {parent_tid=[5622]}, 88) = 5622 [pid 5622] set_robust_list(0x7f50e61579a0, 24 [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] <... set_robust_list resumed>) = 0 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5622] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5620] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5621] read(6, [pid 5620] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5620] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5620] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5621] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5620] <... futex resumed>) = ? [pid 5621] +++ killed by SIGBUS +++ [pid 5622] +++ killed by SIGBUS +++ [pid 5620] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5620, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5623 attached , child_tidptr=0x55555720b690) = 5623 [pid 5623] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5623] chdir("./182") = 0 [pid 5623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5623] setpgid(0, 0) = 0 [pid 5623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5623] write(3, "1000", 4) = 4 [pid 5623] close(3) = 0 [pid 5623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5623] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5624 attached [pid 5624] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5623] <... clone3 resumed> => {parent_tid=[5624]}, 88) = 5624 [pid 5624] <... rseq resumed>) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] set_robust_list(0x7f50e61789a0, 24 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5624] <... set_robust_list resumed>) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5624] memfd_create("syzkaller", 0) = 3 [pid 5624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5624] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5624] close(3) = 0 [pid 5624] mkdir("./file0", 0777) = 0 [pid 5624] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5624] chdir("./file0") = 0 [pid 5624] ioctl(4, LOOP_CLR_FD) = 0 [pid 5624] close(4) = 0 [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... open resumed>) = 5 [ 207.367396][ T5624] loop0: detected capacity change from 0 to 2048 [ 207.393745][ T5624] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 207.406047][ T5624] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... futex resumed>) = 0 [pid 5624] <... futex resumed>) = 1 [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] ftruncate(5, 33587199 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... ftruncate resumed>) = 0 [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] <... futex resumed>) = 0 [pid 5624] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5623] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5623] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5625 attached [pid 5624] <... mmap resumed>) = 0x20000000 [pid 5623] <... clone3 resumed> => {parent_tid=[5625]}, 88) = 5625 [pid 5625] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] <... rseq resumed>) = 0 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5625] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5625] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5624] read(6, [pid 5623] <... futex resumed>) = 1 [pid 5623] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5623] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5623] <... futex resumed>) = 1 [pid 5623] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5624] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5624] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5623] <... futex resumed>) = ? [pid 5625] +++ killed by SIGBUS +++ [pid 5624] +++ killed by SIGBUS +++ [pid 5623] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5623, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5626] chdir("./183" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5626 [pid 5626] <... chdir resumed>) = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5626] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5627] set_robust_list(0x7f50e61789a0, 24 [pid 5626] <... clone3 resumed> => {parent_tid=[5627]}, 88) = 5627 [pid 5627] <... set_robust_list resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] memfd_create("syzkaller", 0 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] <... memfd_create resumed>) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5627] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] mkdir("./file0", 0777) = 0 [pid 5627] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./file0") = 0 [pid 5627] ioctl(4, LOOP_CLR_FD) = 0 [pid 5627] close(4) = 0 [pid 5627] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [pid 5627] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 208.022118][ T5627] loop0: detected capacity change from 0 to 2048 [ 208.048177][ T5627] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 208.062041][ T5627] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5627] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... open resumed>) = 5 [pid 5627] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] ftruncate(5, 33587199) = 0 [pid 5627] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = 1 [pid 5627] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5626] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5626] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] <... mmap resumed>) = 0x20000000 [pid 5627] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5627] <... futex resumed>) = 0 [pid 5626] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5627] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5628 attached [pid 5628] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5626] <... clone3 resumed> => {parent_tid=[5628]}, 88) = 5628 [pid 5628] <... rseq resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] set_robust_list(0x7f50e61579a0, 24 [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] <... set_robust_list resumed>) = 0 [pid 5626] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] <... futex resumed>) = 0 [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5626] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5628] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5628] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = 1 [pid 5626] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] read(6, [pid 5626] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5626] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = 1 [pid 5626] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5628] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5627] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5627] ???() = ? [pid 5626] <... futex resumed>) = ? [pid 5627] +++ killed by SIGBUS +++ [pid 5628] +++ killed by SIGBUS +++ [pid 5626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5629 attached , child_tidptr=0x55555720b690) = 5629 [pid 5629] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5629] chdir("./184") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5629] write(3, "1000", 4) = 4 [pid 5629] close(3) = 0 [pid 5629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5629] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5629] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5630 attached [pid 5630] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5629] <... clone3 resumed> => {parent_tid=[5630]}, 88) = 5630 [pid 5630] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5630] rt_sigprocmask(SIG_SETMASK, [], [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] memfd_create("syzkaller", 0 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5630] <... memfd_create resumed>) = 3 [pid 5630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5630] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5630] close(3) = 0 [pid 5630] mkdir("./file0", 0777) = 0 [ 208.694133][ T5630] loop0: detected capacity change from 0 to 2048 [ 208.725068][ T5630] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5630] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5630] chdir("./file0") = 0 [pid 5630] ioctl(4, LOOP_CLR_FD) = 0 [pid 5630] close(4) = 0 [pid 5630] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [ 208.737202][ T5630] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5630] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... open resumed>) = 4 [pid 5630] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5629] <... futex resumed>) = 0 [pid 5630] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] ftruncate(5, 33587199 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... ftruncate resumed>) = 0 [pid 5630] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5629] <... futex resumed>) = 0 [pid 5630] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5629] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5629] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5630] <... mmap resumed>) = 0x20000000 [pid 5629] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5630] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5631 attached [pid 5631] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5629] <... clone3 resumed> => {parent_tid=[5631]}, 88) = 5631 [pid 5631] set_robust_list(0x7f50e61579a0, 24 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5631] <... set_robust_list resumed>) = 0 [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5631] rt_sigprocmask(SIG_SETMASK, [], [pid 5629] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5630] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5631] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5631] <... futex resumed>) = 1 [pid 5629] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] <... futex resumed>) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5629] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] read(6, [pid 5629] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5629] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 1 [pid 5629] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5630] <... read resumed>) = ? [pid 5629] <... futex resumed>) = ? [pid 5631] +++ killed by SIGBUS +++ [pid 5630] +++ killed by SIGBUS +++ [pid 5629] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5629, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5632 [pid 5632] chdir("./185") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5632] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] set_robust_list(0x7f50e61789a0, 24 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] <... set_robust_list resumed>) = 0 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] memfd_create("syzkaller", 0 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] <... memfd_create resumed>) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5633] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] mkdir("./file0", 0777) = 0 [pid 5633] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./file0") = 0 [pid 5633] ioctl(4, LOOP_CLR_FD) = 0 [pid 5633] close(4) = 0 [pid 5633] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... open resumed>) = 4 [ 209.465057][ T5633] loop0: detected capacity change from 0 to 2048 [ 209.481232][ T5633] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 209.493078][ T5633] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5633] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... open resumed>) = 5 [pid 5633] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] ftruncate(5, 33587199 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... ftruncate resumed>) = 0 [pid 5633] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5632] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5632] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5633] <... mmap resumed>) = 0x20000000 [pid 5633] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5634 attached [pid 5634] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... clone3 resumed> => {parent_tid=[5634]}, 88) = 5634 [pid 5634] <... rseq resumed>) = 0 [pid 5633] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] set_robust_list(0x7f50e61579a0, 24 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5634] <... set_robust_list resumed>) = 0 [pid 5632] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] <... futex resumed>) = 0 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5632] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5634] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5634] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5633] read(6, [pid 5632] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5632] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5632] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5633] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5632] <... futex resumed>) = ? [pid 5633] +++ killed by SIGBUS +++ [pid 5634] +++ killed by SIGBUS +++ [pid 5632] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5632, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5635 attached , child_tidptr=0x55555720b690) = 5635 [pid 5635] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5635] chdir("./186") = 0 [pid 5635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5635] setpgid(0, 0) = 0 [pid 5635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5635] write(3, "1000", 4) = 4 [pid 5635] close(3) = 0 [pid 5635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5635] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5635] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5635] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5636 attached [pid 5636] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5635] <... clone3 resumed> => {parent_tid=[5636]}, 88) = 5636 [pid 5636] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], [pid 5636] rt_sigprocmask(SIG_SETMASK, [], [pid 5635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] memfd_create("syzkaller", 0 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5636] <... memfd_create resumed>) = 3 [pid 5636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5636] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5636] close(3) = 0 [pid 5636] mkdir("./file0", 0777) = 0 [pid 5636] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5636] chdir("./file0") = 0 [pid 5636] ioctl(4, LOOP_CLR_FD) = 0 [pid 5636] close(4) = 0 [pid 5636] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... open resumed>) = 4 [pid 5636] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5636] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] ftruncate(5, 33587199 [ 210.176429][ T5636] loop0: detected capacity change from 0 to 2048 [ 210.196938][ T5636] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 210.209065][ T5636] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... ftruncate resumed>) = 0 [pid 5636] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5636] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5635] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5636] <... mmap resumed>) = 0x20000000 [pid 5636] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5635] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5637 attached [pid 5637] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5637] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5635] <... clone3 resumed> => {parent_tid=[5637]}, 88) = 5637 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], [pid 5635] rt_sigprocmask(SIG_SETMASK, [], [pid 5637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5637] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5637] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5635] <... futex resumed>) = 1 [pid 5635] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] read(6, [pid 5635] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5635] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5635] <... futex resumed>) = 1 [pid 5635] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5637] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5636] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5635] <... futex resumed>) = ? [pid 5637] +++ killed by SIGBUS +++ [pid 5636] +++ killed by SIGBUS +++ [pid 5635] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5635, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5638 attached , child_tidptr=0x55555720b690) = 5638 [pid 5638] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5638] chdir("./187") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5638] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5639 attached [pid 5639] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5638] <... clone3 resumed> => {parent_tid=[5639]}, 88) = 5639 [pid 5639] <... rseq resumed>) = 0 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5639] set_robust_list(0x7f50e61789a0, 24 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5639] <... set_robust_list resumed>) = 0 [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] <... futex resumed>) = 0 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5639] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./file0", 0777) = 0 [pid 5639] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./file0") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 210.868931][ T5639] loop0: detected capacity change from 0 to 2048 [ 210.893412][ T5639] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 210.905132][ T5639] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... open resumed>) = 4 [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... open resumed>) = 5 [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] ftruncate(5, 33587199 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... ftruncate resumed>) = 0 [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5638] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5638] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5640 attached [pid 5640] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5638] <... clone3 resumed> => {parent_tid=[5640]}, 88) = 5640 [pid 5640] <... rseq resumed>) = 0 [pid 5639] <... mmap resumed>) = 0x20000000 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5640] set_robust_list(0x7f50e61579a0, 24 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5640] <... set_robust_list resumed>) = 0 [pid 5638] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5639] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] <... openat resumed>) = 6 [pid 5640] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5639] read(6, [pid 5638] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5638] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5638] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5639] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5639] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5639] +++ killed by SIGBUS +++ [pid 5638] <... futex resumed>) = ? [pid 5640] +++ killed by SIGBUS +++ [pid 5638] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5638, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5641 attached [pid 5641] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5641 [pid 5641] <... set_robust_list resumed>) = 0 [pid 5641] chdir("./188") = 0 [pid 5641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5641] setpgid(0, 0) = 0 [pid 5641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5641] write(3, "1000", 4) = 4 [pid 5641] close(3) = 0 [pid 5641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5641] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5641] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5641] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5642 attached [pid 5642] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5641] <... clone3 resumed> => {parent_tid=[5642]}, 88) = 5642 [pid 5642] <... rseq resumed>) = 0 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5642] set_robust_list(0x7f50e61789a0, 24 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5642] <... set_robust_list resumed>) = 0 [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] <... futex resumed>) = 0 [pid 5642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5642] memfd_create("syzkaller", 0 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5642] <... memfd_create resumed>) = 3 [pid 5642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5642] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5642] close(3) = 0 [pid 5642] mkdir("./file0", 0777) = 0 [pid 5642] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5642] chdir("./file0") = 0 [pid 5642] ioctl(4, LOOP_CLR_FD) = 0 [pid 5642] close(4) = 0 [pid 5642] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = 0 [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5642] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5642] <... open resumed>) = 4 [pid 5642] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5641] <... futex resumed>) = 0 [pid 5642] <... open resumed>) = 5 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5642] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 211.574994][ T5642] loop0: detected capacity change from 0 to 2048 [ 211.601522][ T5642] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 211.613631][ T5642] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5642] ftruncate(5, 33587199 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5642] <... ftruncate resumed>) = 0 [pid 5642] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5642] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5641] <... futex resumed>) = 1 [pid 5642] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5641] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5641] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5641] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5642] <... mmap resumed>) = 0x20000000 [pid 5642] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5642] <... futex resumed>) = 0 [pid 5641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5642] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5643 attached [pid 5641] <... clone3 resumed> => {parent_tid=[5643]}, 88) = 5643 [pid 5643] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] set_robust_list(0x7f50e61579a0, 24 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] <... set_robust_list resumed>) = 0 [pid 5641] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] <... futex resumed>) = 0 [pid 5643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5641] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5643] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5643] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5641] <... futex resumed>) = 0 [pid 5641] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] read(6, [pid 5641] <... futex resumed>) = 1 [pid 5641] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5641] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 0 [pid 5643] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5642] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5641] <... futex resumed>) = ? [pid 5643] +++ killed by SIGBUS +++ [pid 5642] +++ killed by SIGBUS +++ [pid 5641] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5641, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5644 attached , child_tidptr=0x55555720b690) = 5644 [pid 5644] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5644] chdir("./189") = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [pid 5644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5644] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5644] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5644] <... clone3 resumed> => {parent_tid=[5645]}, 88) = 5645 [pid 5645] <... rseq resumed>) = 0 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] set_robust_list(0x7f50e61789a0, 24 [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] <... set_robust_list resumed>) = 0 [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] <... futex resumed>) = 0 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] memfd_create("syzkaller", 0 [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5645] <... memfd_create resumed>) = 3 [pid 5645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5645] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5645] close(3) = 0 [pid 5645] mkdir("./file0", 0777) = 0 [pid 5645] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5645] chdir("./file0") = 0 [pid 5645] ioctl(4, LOOP_CLR_FD) = 0 [pid 5645] close(4) = 0 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = 0 [ 212.301796][ T5645] loop0: detected capacity change from 0 to 2048 [ 212.318990][ T5645] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 212.331548][ T5645] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = 1 [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... open resumed>) = 5 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] <... futex resumed>) = 0 [pid 5645] ftruncate(5, 33587199 [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... ftruncate resumed>) = 0 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] <... futex resumed>) = 0 [pid 5645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5644] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5644] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5646 attached [pid 5646] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5644] <... clone3 resumed> => {parent_tid=[5646]}, 88) = 5646 [pid 5646] set_robust_list(0x7f50e61579a0, 24 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5646] <... set_robust_list resumed>) = 0 [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5644] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5645] <... mmap resumed>) = 0x20000000 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... openat resumed>) = 6 [pid 5646] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5646] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5645] read(6, [pid 5644] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5644] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5644] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5645] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5645] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = ? [pid 5646] +++ killed by SIGBUS +++ [pid 5645] <... futex resumed>) = ? [pid 5645] +++ killed by SIGBUS +++ [pid 5644] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5644, si_uid=0, si_status=SIGBUS, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5647 attached , child_tidptr=0x55555720b690) = 5647 [pid 5647] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5647] chdir("./190") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5647] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5648 attached [pid 5648] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5647] <... clone3 resumed> => {parent_tid=[5648]}, 88) = 5648 [pid 5648] set_robust_list(0x7f50e61789a0, 24 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5648] <... set_robust_list resumed>) = 0 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] memfd_create("syzkaller", 0 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] <... memfd_create resumed>) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5648] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] mkdir("./file0", 0777) = 0 [pid 5648] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./file0") = 0 [pid 5648] ioctl(4, LOOP_CLR_FD) = 0 [pid 5648] close(4) = 0 [pid 5648] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5647] <... futex resumed>) = 0 [ 212.988247][ T5648] loop0: detected capacity change from 0 to 2048 [ 213.013814][ T5648] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 213.026282][ T5648] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... open resumed>) = 4 [pid 5648] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5648] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] <... futex resumed>) = 0 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... open resumed>) = 5 [pid 5648] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5648] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] <... futex resumed>) = 0 [pid 5648] ftruncate(5, 33587199 [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... ftruncate resumed>) = 0 [pid 5648] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5648] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] <... futex resumed>) = 0 [pid 5648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5647] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5648] <... mmap resumed>) = 0x20000000 [pid 5647] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5648] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5649 attached [pid 5649] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5647] <... clone3 resumed> => {parent_tid=[5649]}, 88) = 5649 [pid 5649] <... rseq resumed>) = 0 [pid 5649] set_robust_list(0x7f50e61579a0, 24 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5649] <... set_robust_list resumed>) = 0 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5649] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5647] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5649] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5649] <... futex resumed>) = 1 [pid 5647] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... futex resumed>) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5648] read(6, [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = 0 [pid 5647] <... futex resumed>) = 1 [pid 5647] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5649] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5648] <... read resumed>) = ? [pid 5647] <... futex resumed>) = ? [pid 5649] +++ killed by SIGBUS +++ [pid 5648] +++ killed by SIGBUS +++ [pid 5647] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5650 attached , child_tidptr=0x55555720b690) = 5650 [pid 5650] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5650] chdir("./191") = 0 [pid 5650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5650] setpgid(0, 0) = 0 [pid 5650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5650] write(3, "1000", 4) = 4 [pid 5650] close(3) = 0 [pid 5650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5650] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5650] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5651 attached [pid 5651] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5651] set_robust_list(0x7f50e61789a0, 24 [pid 5650] <... clone3 resumed> => {parent_tid=[5651]}, 88) = 5651 [pid 5651] <... set_robust_list resumed>) = 0 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] rt_sigprocmask(SIG_SETMASK, [], [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] memfd_create("syzkaller", 0 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5651] <... memfd_create resumed>) = 3 [pid 5651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5651] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5651] close(3) = 0 [pid 5651] mkdir("./file0", 0777) = 0 [pid 5651] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5651] chdir("./file0") = 0 [pid 5651] ioctl(4, LOOP_CLR_FD) = 0 [pid 5651] close(4) = 0 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5651] <... futex resumed>) = 1 [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... open resumed>) = 4 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... open resumed>) = 5 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 213.738243][ T5651] loop0: detected capacity change from 0 to 2048 [ 213.753297][ T5651] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 213.765919][ T5651] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] ftruncate(5, 33587199 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... ftruncate resumed>) = 0 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] <... futex resumed>) = 0 [pid 5651] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5650] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5650] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5651] <... mmap resumed>) = 0x20000000 [pid 5650] <... mprotect resumed>) = 0 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5651] <... futex resumed>) = 0 [pid 5650] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5652 attached [pid 5652] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5651] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... clone3 resumed> => {parent_tid=[5652]}, 88) = 5652 [pid 5652] set_robust_list(0x7f50e61579a0, 24 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5652] <... set_robust_list resumed>) = 0 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], [pid 5650] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5652] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5652] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5651] read(6, [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5650] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5650] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] <... futex resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5650] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5652] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5651] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5651] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5650] <... futex resumed>) = ? [pid 5652] +++ killed by SIGBUS +++ [pid 5651] +++ killed by SIGBUS +++ [pid 5650] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5650, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5653 attached [pid 5653] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5653 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5653] chdir("./192") = 0 [pid 5653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5653] setpgid(0, 0) = 0 [pid 5653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5653] write(3, "1000", 4) = 4 [pid 5653] close(3) = 0 [pid 5653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5653] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5653] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5654 attached [pid 5654] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5653] <... clone3 resumed> => {parent_tid=[5654]}, 88) = 5654 [pid 5654] <... rseq resumed>) = 0 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5654] set_robust_list(0x7f50e61789a0, 24 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5654] <... set_robust_list resumed>) = 0 [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5653] <... futex resumed>) = 0 [pid 5654] memfd_create("syzkaller", 0 [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5654] <... memfd_create resumed>) = 3 [pid 5654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5654] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5654] close(3) = 0 [pid 5654] mkdir("./file0", 0777) = 0 [pid 5654] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5654] chdir("./file0") = 0 [pid 5654] ioctl(4, LOOP_CLR_FD) = 0 [pid 5654] close(4) = 0 [pid 5654] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... open resumed>) = 4 [pid 5654] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5654] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... open resumed>) = 5 [pid 5654] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5654] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5653] <... futex resumed>) = 0 [pid 5654] ftruncate(5, 33587199 [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... ftruncate resumed>) = 0 [pid 5654] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [ 214.568679][ T5654] loop0: detected capacity change from 0 to 2048 [ 214.579528][ T5654] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 214.591893][ T5654] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5654] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5653] <... futex resumed>) = 0 [pid 5654] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5653] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5653] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5654] <... mmap resumed>) = 0x20000000 [pid 5653] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5653] <... clone3 resumed> => {parent_tid=[5655]}, 88) = 5655 [pid 5655] set_robust_list(0x7f50e61579a0, 24 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] <... set_robust_list resumed>) = 0 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5655] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5655] <... futex resumed>) = 1 [pid 5653] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5654] read(6, [pid 5653] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5653] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5653] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5654] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5653] <... futex resumed>) = ? [pid 5655] +++ killed by SIGBUS +++ [pid 5654] +++ killed by SIGBUS +++ [pid 5653] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5653, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5656 attached , child_tidptr=0x55555720b690) = 5656 [pid 5656] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5656] chdir("./193") = 0 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5656] setpgid(0, 0) = 0 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5656] write(3, "1000", 4) = 4 [pid 5656] close(3) = 0 [pid 5656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5656] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5657 attached [pid 5657] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5656] <... clone3 resumed> => {parent_tid=[5657]}, 88) = 5657 [pid 5657] <... rseq resumed>) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] set_robust_list(0x7f50e61789a0, 24 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5657] <... set_robust_list resumed>) = 0 [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] <... futex resumed>) = 0 [pid 5657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5657] memfd_create("syzkaller", 0) = 3 [pid 5657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5657] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5657] close(3) = 0 [pid 5657] mkdir("./file0", 0777) = 0 [pid 5657] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5657] chdir("./file0") = 0 [pid 5657] ioctl(4, LOOP_CLR_FD) = 0 [pid 5657] close(4) = 0 [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [ 215.184325][ T5657] loop0: detected capacity change from 0 to 2048 [ 215.198892][ T5657] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 215.211720][ T5657] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5656] <... futex resumed>) = 0 [pid 5657] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] ftruncate(5, 33587199 [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... ftruncate resumed>) = 0 [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5656] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5657] <... mmap resumed>) = 0x20000000 [pid 5656] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5658 attached [pid 5658] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5656] <... clone3 resumed> => {parent_tid=[5658]}, 88) = 5658 [pid 5658] <... rseq resumed>) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5658] set_robust_list(0x7f50e61579a0, 24 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5658] <... set_robust_list resumed>) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] <... futex resumed>) = 0 [pid 5658] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5656] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... openat resumed>) = 6 [pid 5658] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5656] <... futex resumed>) = 1 [pid 5657] read(6, [pid 5656] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5656] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5656] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006e000} --- [pid 5657] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 253824 [pid 5657] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... futex resumed>) = ? [pid 5658] +++ killed by SIGBUS +++ [pid 5657] <... futex resumed>) = ? [pid 5657] +++ killed by SIGBUS +++ [pid 5656] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5656, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5659 attached , child_tidptr=0x55555720b690) = 5659 [pid 5659] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5659] chdir("./194") = 0 [pid 5659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5659] setpgid(0, 0) = 0 [pid 5659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5659] write(3, "1000", 4) = 4 [pid 5659] close(3) = 0 [pid 5659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5659] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5659] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5660 attached [pid 5660] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5659] <... clone3 resumed> => {parent_tid=[5660]}, 88) = 5660 [pid 5660] <... rseq resumed>) = 0 [pid 5660] set_robust_list(0x7f50e61789a0, 24 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5660] <... set_robust_list resumed>) = 0 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] <... futex resumed>) = 0 [pid 5660] memfd_create("syzkaller", 0 [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5660] <... memfd_create resumed>) = 3 [pid 5660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5660] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5660] close(3) = 0 [pid 5660] mkdir("./file0", 0777) = 0 [pid 5660] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5660] chdir("./file0") = 0 [pid 5660] ioctl(4, LOOP_CLR_FD) = 0 [ 215.899503][ T5660] loop0: detected capacity change from 0 to 2048 [ 215.924792][ T5660] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 215.936504][ T5660] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5660] close(4) = 0 [pid 5660] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5660] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] <... open resumed>) = 5 [pid 5660] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] ftruncate(5, 33587199 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] <... ftruncate resumed>) = 0 [pid 5660] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5659] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5659] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5660] <... mmap resumed>) = 0x20000000 [pid 5660] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5660] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5660] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 [pid 5661] set_robust_list(0x7f50e61579a0, 24 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] <... set_robust_list resumed>) = 0 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], [pid 5659] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5661] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5661] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5659] <... futex resumed>) = 1 [pid 5660] read(6, [pid 5659] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5659] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5661] <... futex resumed>) = 0 [pid 5661] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5660] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5659] <... futex resumed>) = ? [pid 5661] +++ killed by SIGBUS +++ [pid 5660] +++ killed by SIGBUS +++ [pid 5659] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5659, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached , child_tidptr=0x55555720b690) = 5662 [pid 5662] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5662] chdir("./195") = 0 [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5662] setpgid(0, 0) = 0 [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5662] write(3, "1000", 4) = 4 [pid 5662] close(3) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5662] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5662] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5663 attached => {parent_tid=[5663]}, 88) = 5663 [pid 5663] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5663] <... rseq resumed>) = 0 [pid 5663] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5663] memfd_create("syzkaller", 0) = 3 [pid 5663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5663] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5663] close(3) = 0 [pid 5663] mkdir("./file0", 0777) = 0 [pid 5663] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5663] chdir("./file0") = 0 [pid 5663] ioctl(4, LOOP_CLR_FD) = 0 [pid 5663] close(4) = 0 [pid 5663] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 216.759021][ T5663] loop0: detected capacity change from 0 to 2048 [ 216.784189][ T5663] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 216.796427][ T5663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5663] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5663] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] ftruncate(5, 33587199 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... ftruncate resumed>) = 0 [pid 5663] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5662] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5662] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5664 attached [pid 5663] <... mmap resumed>) = 0x20000000 [pid 5664] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5663] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... rseq resumed>) = 0 [pid 5663] <... futex resumed>) = 0 [pid 5664] set_robust_list(0x7f50e61579a0, 24 [pid 5663] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] <... set_robust_list resumed>) = 0 [pid 5664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5664] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... clone3 resumed> => {parent_tid=[5664]}, 88) = 5664 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5662] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5664] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5664] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5663] read(6, [pid 5662] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5662] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5662] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5664] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5663] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5662] <... futex resumed>) = ? [pid 5664] +++ killed by SIGBUS +++ [pid 5663] +++ killed by SIGBUS +++ [pid 5662] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5662, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5665 attached , child_tidptr=0x55555720b690) = 5665 [pid 5665] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5665] chdir("./196") = 0 [pid 5665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5665] setpgid(0, 0) = 0 [pid 5665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5665] write(3, "1000", 4) = 4 [pid 5665] close(3) = 0 [pid 5665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5665] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5665] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5666 attached [pid 5666] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5665] <... clone3 resumed> => {parent_tid=[5666]}, 88) = 5666 [pid 5666] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] memfd_create("syzkaller", 0 [pid 5665] <... futex resumed>) = 0 [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5666] <... memfd_create resumed>) = 3 [pid 5666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5666] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5666] close(3) = 0 [pid 5666] mkdir("./file0", 0777) = 0 [pid 5666] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5666] chdir("./file0") = 0 [pid 5666] ioctl(4, LOOP_CLR_FD) = 0 [pid 5666] close(4) = 0 [ 217.540117][ T5666] loop0: detected capacity change from 0 to 2048 [ 217.565229][ T5666] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 217.577695][ T5666] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5666] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5666] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] <... open resumed>) = 4 [pid 5666] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] <... futex resumed>) = 0 [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5666] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5666] ftruncate(5, 33587199 [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] <... ftruncate resumed>) = 0 [pid 5666] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5666] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] <... futex resumed>) = 0 [pid 5666] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5665] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5665] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5666] <... mmap resumed>) = 0x20000000 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5666] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5667 attached [pid 5665] <... clone3 resumed> => {parent_tid=[5667]}, 88) = 5667 [pid 5667] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] <... rseq resumed>) = 0 [pid 5665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] set_robust_list(0x7f50e61579a0, 24 [pid 5665] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... set_robust_list resumed>) = 0 [pid 5665] <... futex resumed>) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5665] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5667] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5667] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5666] read(6, [pid 5665] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5665] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5665] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5667] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5666] <... read resumed>) = ? [pid 5665] <... futex resumed>) = ? [pid 5666] +++ killed by SIGBUS +++ [pid 5667] +++ killed by SIGBUS +++ [pid 5665] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5665, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5668 attached , child_tidptr=0x55555720b690) = 5668 [pid 5668] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5668] chdir("./197") = 0 [pid 5668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5668] setpgid(0, 0) = 0 [pid 5668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5668] write(3, "1000", 4) = 4 [pid 5668] close(3) = 0 [pid 5668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5668] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5668] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5669 attached [pid 5669] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5668] <... clone3 resumed> => {parent_tid=[5669]}, 88) = 5669 [pid 5669] <... rseq resumed>) = 0 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5669] set_robust_list(0x7f50e61789a0, 24 [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5669] <... set_robust_list resumed>) = 0 [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] <... futex resumed>) = 0 [pid 5669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5669] memfd_create("syzkaller", 0) = 3 [pid 5669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5669] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5669] close(3) = 0 [pid 5669] mkdir("./file0", 0777) = 0 [pid 5669] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5669] chdir("./file0") = 0 [pid 5669] ioctl(4, LOOP_CLR_FD) = 0 [ 218.296640][ T5669] loop0: detected capacity change from 0 to 2048 [ 218.312702][ T5669] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 218.324616][ T5669] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5669] close(4) = 0 [pid 5669] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5668] <... futex resumed>) = 0 [pid 5669] <... open resumed>) = 4 [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5669] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... open resumed>) = 5 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... futex resumed>) = 0 [pid 5669] ftruncate(5, 33587199) = 0 [pid 5669] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5669] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5668] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5668] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] <... mmap resumed>) = 0x20000000 [pid 5668] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5669] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5670 attached [pid 5669] <... futex resumed>) = 0 [pid 5670] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5669] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] <... clone3 resumed> => {parent_tid=[5670]}, 88) = 5670 [pid 5670] <... rseq resumed>) = 0 [pid 5670] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5670] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5670] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5670] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5669] read(6, [pid 5668] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5668] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5670] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5668] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5669] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5668] <... futex resumed>) = ? [pid 5669] +++ killed by SIGBUS +++ [pid 5670] +++ killed by SIGBUS +++ [pid 5668] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5668, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5671 attached , child_tidptr=0x55555720b690) = 5671 [pid 5671] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5671] chdir("./198") = 0 [pid 5671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5671] setpgid(0, 0) = 0 [pid 5671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5671] write(3, "1000", 4) = 4 [pid 5671] close(3) = 0 [pid 5671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5671] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5671] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5671] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5672 attached => {parent_tid=[5672]}, 88) = 5672 [pid 5672] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5671] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] <... rseq resumed>) = 0 [pid 5672] set_robust_list(0x7f50e61789a0, 24 [pid 5671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] <... set_robust_list resumed>) = 0 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5672] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5671] <... futex resumed>) = 0 [pid 5672] memfd_create("syzkaller", 0 [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5672] <... memfd_create resumed>) = 3 [pid 5672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5672] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5672] close(3) = 0 [pid 5672] mkdir("./file0", 0777) = 0 [pid 5672] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5672] chdir("./file0") = 0 [pid 5672] ioctl(4, LOOP_CLR_FD) = 0 [pid 5672] close(4) = 0 [pid 5672] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5672] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... open resumed>) = 4 [ 218.972307][ T5672] loop0: detected capacity change from 0 to 2048 [ 218.989763][ T5672] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 219.001993][ T5672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5672] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5672] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] <... open resumed>) = 5 [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5672] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] ftruncate(5, 33587199) = 0 [pid 5671] <... futex resumed>) = 0 [pid 5672] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5671] <... futex resumed>) = 1 [pid 5672] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5671] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5671] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] <... mmap resumed>) = 0x20000000 [pid 5672] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5673 attached [pid 5673] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5671] <... clone3 resumed> => {parent_tid=[5673]}, 88) = 5673 [pid 5673] set_robust_list(0x7f50e61579a0, 24 [pid 5671] rt_sigprocmask(SIG_SETMASK, [], [pid 5673] <... set_robust_list resumed>) = 0 [pid 5671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], [pid 5671] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5673] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5673] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5671] <... futex resumed>) = 1 [pid 5672] read(6, [pid 5671] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5671] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] <... futex resumed>) = 0 [pid 5671] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5672] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5673] +++ killed by SIGBUS +++ [pid 5671] <... futex resumed>) = ? [pid 5672] +++ killed by SIGBUS +++ [pid 5671] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5674 attached , child_tidptr=0x55555720b690) = 5674 [pid 5674] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5674] chdir("./199") = 0 [pid 5674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5674] setpgid(0, 0) = 0 [pid 5674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5674] write(3, "1000", 4) = 4 [pid 5674] close(3) = 0 [pid 5674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5674] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5675 attached [pid 5675] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5674] <... clone3 resumed> => {parent_tid=[5675]}, 88) = 5675 [pid 5675] set_robust_list(0x7f50e61789a0, 24 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], [pid 5675] <... set_robust_list resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5675] memfd_create("syzkaller", 0) = 3 [pid 5675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5675] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5675] close(3) = 0 [pid 5675] mkdir("./file0", 0777) = 0 [pid 5675] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5675] chdir("./file0") = 0 [pid 5675] ioctl(4, LOOP_CLR_FD) = 0 [pid 5675] close(4) = 0 [pid 5675] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5675] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5674] <... futex resumed>) = 0 [pid 5675] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... open resumed>) = 4 [ 219.689398][ T5675] loop0: detected capacity change from 0 to 2048 [ 219.717229][ T5675] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 219.729321][ T5675] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5675] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... open resumed>) = 5 [pid 5675] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] ftruncate(5, 33587199 [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] <... ftruncate resumed>) = 0 [pid 5675] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] <... futex resumed>) = 0 [pid 5675] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5674] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5674] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5674] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5675] <... mmap resumed>) = 0x20000000 [pid 5674] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5675] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5676 attached [pid 5676] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5675] <... futex resumed>) = 0 [pid 5674] <... clone3 resumed> => {parent_tid=[5676]}, 88) = 5676 [pid 5675] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... rseq resumed>) = 0 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] set_robust_list(0x7f50e61579a0, 24 [pid 5674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] <... set_robust_list resumed>) = 0 [pid 5674] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5674] <... futex resumed>) = 0 [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5674] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5676] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5676] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = 0 [pid 5674] <... futex resumed>) = 1 [pid 5674] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] read(6, [pid 5674] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5674] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5674] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5676] memfd_create("syzkaller", 0) = 7 [pid 5676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5676] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5676] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5676] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5676] ioctl(8, LOOP_CLR_FD) = 0 [pid 5676] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5676] close(8) = 0 [pid 5676] close(7) = 0 [pid 5676] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5676] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] exit_group(0 [pid 5676] <... futex resumed>) = ? [pid 5674] <... exit_group resumed>) = ? [pid 5676] +++ exited with 0 +++ [pid 5675] <... read resumed> ) = ? [pid 5675] +++ exited with 0 +++ [pid 5674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5674, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=57 /* 0.57 s */} --- umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5677 attached , child_tidptr=0x55555720b690) = 5677 [pid 5677] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5677] chdir("./200") = 0 [pid 5677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5677] setpgid(0, 0) = 0 [pid 5677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5677] write(3, "1000", 4) = 4 [pid 5677] close(3) = 0 [pid 5677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5677] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5677] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5678 attached [pid 5678] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5677] <... clone3 resumed> => {parent_tid=[5678]}, 88) = 5678 [pid 5678] <... rseq resumed>) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5678] set_robust_list(0x7f50e61789a0, 24 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5678] <... set_robust_list resumed>) = 0 [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... futex resumed>) = 0 [pid 5678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5678] memfd_create("syzkaller", 0) = 3 [pid 5678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5678] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5678] close(3) = 0 [pid 5678] mkdir("./file0", 0777) = 0 [pid 5678] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5678] chdir("./file0") = 0 [pid 5678] ioctl(4, LOOP_CLR_FD) = 0 [pid 5678] close(4) = 0 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... futex resumed>) = 0 [pid 5678] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 220.871023][ T5678] loop0: detected capacity change from 0 to 2048 [ 220.899306][ T5678] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 220.911524][ T5678] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... open resumed>) = 4 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... open resumed>) = 5 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... futex resumed>) = 1 [pid 5678] ftruncate(5, 33587199) = 0 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5678] <... futex resumed>) = 1 [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5677] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5678] <... mmap resumed>) = 0x20000000 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5678] <... futex resumed>) = 0 [pid 5677] <... mprotect resumed>) = 0 [pid 5678] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5679 attached [pid 5679] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5677] <... clone3 resumed> => {parent_tid=[5679]}, 88) = 5679 [pid 5679] <... rseq resumed>) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5679] set_robust_list(0x7f50e61579a0, 24 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5679] <... set_robust_list resumed>) = 0 [pid 5677] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... futex resumed>) = 0 [pid 5679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5679] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5679] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5678] read(6, [pid 5677] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5677] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5677] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5678] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5678] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5677] <... futex resumed>) = ? [pid 5679] +++ killed by SIGBUS +++ [pid 5678] +++ killed by SIGBUS +++ [pid 5677] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5677, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5680 attached [pid 5680] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5680 [pid 5680] <... set_robust_list resumed>) = 0 [pid 5680] chdir("./201") = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5680] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5681 attached [pid 5681] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5680] <... clone3 resumed> => {parent_tid=[5681]}, 88) = 5681 [pid 5681] set_robust_list(0x7f50e61789a0, 24 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] <... set_robust_list resumed>) = 0 [pid 5680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5680] <... futex resumed>) = 0 [pid 5681] memfd_create("syzkaller", 0 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5681] <... memfd_create resumed>) = 3 [pid 5681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5681] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5681] close(3) = 0 [pid 5681] mkdir("./file0", 0777) = 0 [pid 5681] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5681] chdir("./file0") = 0 [pid 5681] ioctl(4, LOOP_CLR_FD) = 0 [pid 5681] close(4) = 0 [pid 5681] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5681] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 221.639397][ T5681] loop0: detected capacity change from 0 to 2048 [ 221.655720][ T5681] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 221.667589][ T5681] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5681] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5681] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... open resumed>) = 5 [pid 5681] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5681] ftruncate(5, 33587199 [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... ftruncate resumed>) = 0 [pid 5681] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5680] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5680] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5681] <... mmap resumed>) = 0x20000000 [pid 5680] <... mprotect resumed>) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5681] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5681] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5682 attached [pid 5682] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5682] set_robust_list(0x7f50e61579a0, 24 [pid 5680] <... clone3 resumed> => {parent_tid=[5682]}, 88) = 5682 [pid 5682] <... set_robust_list resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5680] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5682] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = 0 [pid 5682] <... futex resumed>) = 1 [pid 5680] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = 0 [pid 5680] <... futex resumed>) = 1 [pid 5681] read(6, [pid 5680] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5680] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5680] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5682] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5681] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5680] <... futex resumed>) = ? [pid 5682] +++ killed by SIGBUS +++ [pid 5681] +++ killed by SIGBUS +++ [pid 5680] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5680, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5683 attached , child_tidptr=0x55555720b690) = 5683 [pid 5683] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5683] chdir("./202") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5683] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5684 attached [pid 5684] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5683] <... clone3 resumed> => {parent_tid=[5684]}, 88) = 5684 [pid 5684] set_robust_list(0x7f50e61789a0, 24 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5684] <... set_robust_list resumed>) = 0 [pid 5684] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] memfd_create("syzkaller", 0) = 3 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5684] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5684] close(3) = 0 [pid 5684] mkdir("./file0", 0777) = 0 [pid 5684] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5684] chdir("./file0") = 0 [pid 5684] ioctl(4, LOOP_CLR_FD) = 0 [pid 5684] close(4) = 0 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [ 222.275563][ T5684] loop0: detected capacity change from 0 to 2048 [ 222.290473][ T5684] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 222.303508][ T5684] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5684] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... open resumed>) = 4 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5684] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] <... futex resumed>) = 0 [pid 5684] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... open resumed>) = 5 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5684] <... futex resumed>) = 0 [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] ftruncate(5, 33587199 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... ftruncate resumed>) = 0 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5684] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] <... futex resumed>) = 0 [pid 5684] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5683] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5683] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5684] <... mmap resumed>) = 0x20000000 [pid 5683] <... mprotect resumed>) = 0 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5684] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[5685]}, 88) = 5685 ./strace-static-x86_64: Process 5685 attached [pid 5685] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5685] <... rseq resumed>) = 0 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] set_robust_list(0x7f50e61579a0, 24 [pid 5683] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... set_robust_list resumed>) = 0 [pid 5683] <... futex resumed>) = 0 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5685] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5685] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5683] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] read(6, [pid 5683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5683] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = 0 [pid 5683] <... futex resumed>) = 1 [pid 5683] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5684] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5684] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5683] <... futex resumed>) = ? [pid 5685] +++ killed by SIGBUS +++ [pid 5684] +++ killed by SIGBUS +++ [pid 5683] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5683, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5686 attached [pid 5686] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5686 [pid 5686] <... set_robust_list resumed>) = 0 [pid 5686] chdir("./203") = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5686] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5687 attached => {parent_tid=[5687]}, 88) = 5687 [pid 5687] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5687] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5686] <... futex resumed>) = 0 [pid 5687] memfd_create("syzkaller", 0 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5687] <... memfd_create resumed>) = 3 [pid 5687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5687] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5687] close(3) = 0 [pid 5687] mkdir("./file0", 0777) = 0 [pid 5687] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5687] chdir("./file0") = 0 [pid 5687] ioctl(4, LOOP_CLR_FD) = 0 [pid 5687] close(4) = 0 [pid 5687] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... open resumed>) = 4 [pid 5687] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5686] <... futex resumed>) = 0 [pid 5687] <... open resumed>) = 5 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] ftruncate(5, 33587199 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... ftruncate resumed>) = 0 [ 223.044688][ T5687] loop0: detected capacity change from 0 to 2048 [ 223.071447][ T5687] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 223.083340][ T5687] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5687] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5686] <... futex resumed>) = 1 [pid 5687] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5686] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5686] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] <... mmap resumed>) = 0x20000000 [pid 5687] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5687] <... futex resumed>) = 0 [pid 5686] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5687] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5688 attached [pid 5688] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5686] <... clone3 resumed> => {parent_tid=[5688]}, 88) = 5688 [pid 5688] <... rseq resumed>) = 0 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5688] set_robust_list(0x7f50e61579a0, 24 [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5688] <... set_robust_list resumed>) = 0 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5688] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] <... futex resumed>) = 0 [pid 5688] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5686] <... futex resumed>) = 1 [pid 5686] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] read(6, [pid 5686] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5686] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5686] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5686] <... futex resumed>) = ? [pid 5687] <... read resumed> ) = ? [pid 5688] +++ killed by SIGBUS +++ [pid 5687] +++ killed by SIGBUS +++ [pid 5686] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5686, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5689 attached , child_tidptr=0x55555720b690) = 5689 [pid 5689] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5689] chdir("./204") = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5689] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5690 attached [pid 5690] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5689] <... clone3 resumed> => {parent_tid=[5690]}, 88) = 5690 [pid 5690] <... rseq resumed>) = 0 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] set_robust_list(0x7f50e61789a0, 24 [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] <... set_robust_list resumed>) = 0 [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5690] memfd_create("syzkaller", 0) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5690] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5690] close(3) = 0 [pid 5690] mkdir("./file0", 0777) = 0 [pid 5690] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./file0") = 0 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... open resumed>) = 4 [ 223.764792][ T5690] loop0: detected capacity change from 0 to 2048 [ 223.781043][ T5690] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 223.793053][ T5690] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5690] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] <... futex resumed>) = 0 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... open resumed>) = 5 [pid 5690] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... futex resumed>) = 0 [pid 5690] ftruncate(5, 33587199) = 0 [pid 5690] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5690] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5689] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5690] <... mmap resumed>) = 0x20000000 [pid 5689] <... mmap resumed>) = 0x7f50e6137000 [pid 5689] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5690] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5690] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5691 attached [pid 5691] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5689] <... clone3 resumed> => {parent_tid=[5691]}, 88) = 5691 [pid 5691] <... rseq resumed>) = 0 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5691] set_robust_list(0x7f50e61579a0, 24 [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5691] <... set_robust_list resumed>) = 0 [pid 5689] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] <... futex resumed>) = 0 [pid 5691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5689] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5691] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5691] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5689] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] read(6, [pid 5689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5689] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5689] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5691] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5690] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5690] +++ killed by SIGBUS +++ [pid 5689] <... futex resumed>) = ? [pid 5691] +++ killed by SIGBUS +++ [pid 5689] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5692 attached , child_tidptr=0x55555720b690) = 5692 [pid 5692] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5692] chdir("./205") = 0 [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5692] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5693 attached [pid 5693] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5692] <... clone3 resumed> => {parent_tid=[5693]}, 88) = 5693 [pid 5693] set_robust_list(0x7f50e61789a0, 24 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5693] <... set_robust_list resumed>) = 0 [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] <... futex resumed>) = 0 [pid 5693] memfd_create("syzkaller", 0 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5693] <... memfd_create resumed>) = 3 [pid 5693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5693] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5693] close(3) = 0 [pid 5693] mkdir("./file0", 0777) = 0 [pid 5693] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5693] chdir("./file0") = 0 [pid 5693] ioctl(4, LOOP_CLR_FD) = 0 [pid 5693] close(4) = 0 [pid 5693] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... open resumed>) = 4 [pid 5693] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5693] <... futex resumed>) = 0 [ 224.451355][ T5693] loop0: detected capacity change from 0 to 2048 [ 224.467366][ T5693] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 224.479437][ T5693] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... open resumed>) = 5 [pid 5693] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] ftruncate(5, 33587199 [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... ftruncate resumed>) = 0 [pid 5693] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5692] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5692] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5694 attached [pid 5693] <... mmap resumed>) = 0x20000000 [pid 5694] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5693] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... rseq resumed>) = 0 [pid 5693] <... futex resumed>) = 0 [pid 5694] set_robust_list(0x7f50e61579a0, 24 [pid 5693] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5694] <... set_robust_list resumed>) = 0 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5694] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] <... clone3 resumed> => {parent_tid=[5694]}, 88) = 5694 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5692] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5694] <... futex resumed>) = 0 [pid 5692] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5694] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5694] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] read(6, [pid 5692] <... futex resumed>) = 1 [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5692] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5692] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = 0 [pid 5692] <... futex resumed>) = 1 [pid 5692] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5693] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5692] <... futex resumed>) = ? [pid 5694] +++ killed by SIGBUS +++ [pid 5693] +++ killed by SIGBUS +++ [pid 5692] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5692, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5695 attached , child_tidptr=0x55555720b690) = 5695 [pid 5695] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5695] chdir("./206") = 0 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5695] setpgid(0, 0) = 0 [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5695] write(3, "1000", 4) = 4 [pid 5695] close(3) = 0 [pid 5695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5695] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5695] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5696 attached [pid 5696] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5695] <... clone3 resumed> => {parent_tid=[5696]}, 88) = 5696 [pid 5696] set_robust_list(0x7f50e61789a0, 24 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], [pid 5696] <... set_robust_list resumed>) = 0 [pid 5695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5695] <... futex resumed>) = 0 [pid 5696] memfd_create("syzkaller", 0 [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5696] <... memfd_create resumed>) = 3 [pid 5696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5696] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5696] close(3) = 0 [pid 5696] mkdir("./file0", 0777) = 0 [pid 5696] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5696] chdir("./file0") = 0 [pid 5696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5696] close(4) = 0 [pid 5696] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... open resumed>) = 4 [pid 5696] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [ 225.108065][ T5696] loop0: detected capacity change from 0 to 2048 [ 225.134171][ T5696] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 225.146002][ T5696] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5696] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... open resumed>) = 5 [pid 5696] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] ftruncate(5, 33587199 [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... ftruncate resumed>) = 0 [pid 5696] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5695] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5695] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5696] <... mmap resumed>) = 0x20000000 [pid 5696] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5697 attached [pid 5697] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5695] <... clone3 resumed> => {parent_tid=[5697]}, 88) = 5697 [pid 5697] <... rseq resumed>) = 0 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] set_robust_list(0x7f50e61579a0, 24 [pid 5695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5697] <... set_robust_list resumed>) = 0 [pid 5695] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5695] <... futex resumed>) = 0 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5695] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5697] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] <... futex resumed>) = 0 [pid 5696] read(6, [pid 5695] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5695] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5695] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5697] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5696] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5696] ???() = ? [pid 5695] <... futex resumed>) = ? [pid 5697] +++ killed by SIGBUS +++ [pid 5696] +++ killed by SIGBUS +++ [pid 5695] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5695, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5698 attached , child_tidptr=0x55555720b690) = 5698 [pid 5698] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5698] chdir("./207") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5698] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5699 attached [pid 5699] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5698] <... clone3 resumed> => {parent_tid=[5699]}, 88) = 5699 [pid 5699] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], [pid 5699] rt_sigprocmask(SIG_SETMASK, [], [pid 5698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5699] memfd_create("syzkaller", 0 [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5699] <... memfd_create resumed>) = 3 [pid 5699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5699] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5699] close(3) = 0 [pid 5699] mkdir("./file0", 0777) = 0 [pid 5699] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5699] chdir("./file0") = 0 [pid 5699] ioctl(4, LOOP_CLR_FD) = 0 [pid 5699] close(4) = 0 [pid 5699] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5698] <... futex resumed>) = 0 [ 225.793928][ T5699] loop0: detected capacity change from 0 to 2048 [ 225.808339][ T5699] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 225.819984][ T5699] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... open resumed>) = 4 [pid 5699] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5698] <... futex resumed>) = 0 [pid 5699] <... open resumed>) = 5 [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] ftruncate(5, 33587199 [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... ftruncate resumed>) = 0 [pid 5699] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5698] <... futex resumed>) = 0 [pid 5699] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5698] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5698] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5699] <... mmap resumed>) = 0x20000000 [pid 5699] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] <... mprotect resumed>) = 0 [pid 5699] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5700 attached => {parent_tid=[5700]}, 88) = 5700 [pid 5700] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], [pid 5700] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5700] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5698] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5698] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5700] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5700] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5698] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] read(6, [pid 5698] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5698] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5698] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5699] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5698] <... futex resumed>) = ? [pid 5700] +++ killed by SIGBUS +++ [pid 5699] +++ killed by SIGBUS +++ [pid 5698] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5698, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5701 attached , child_tidptr=0x55555720b690) = 5701 [pid 5701] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5701] chdir("./208") = 0 [pid 5701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5701] setpgid(0, 0) = 0 [pid 5701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5701] write(3, "1000", 4) = 4 [pid 5701] close(3) = 0 [pid 5701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5701] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5702 attached => {parent_tid=[5702]}, 88) = 5702 [pid 5702] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] <... rseq resumed>) = 0 [pid 5702] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5702] <... futex resumed>) = 0 [pid 5702] memfd_create("syzkaller", 0) = 3 [pid 5702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5702] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5702] close(3) = 0 [pid 5702] mkdir("./file0", 0777) = 0 [pid 5702] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5702] chdir("./file0") = 0 [pid 5702] ioctl(4, LOOP_CLR_FD) = 0 [pid 5702] close(4) = 0 [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5701] <... futex resumed>) = 0 [pid 5702] <... open resumed>) = 4 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 226.640905][ T5702] loop0: detected capacity change from 0 to 2048 [ 226.656686][ T5702] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 226.668645][ T5702] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] <... futex resumed>) = 1 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5701] <... futex resumed>) = 1 [pid 5702] ftruncate(5, 33587199) = 0 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5702] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] <... mmap resumed>) = 0x20000000 [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5702] <... futex resumed>) = 0 [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5702] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5701] <... futex resumed>) = 0 [pid 5702] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5701] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] read(6, [pid 5701] <... futex resumed>) = 0 [pid 5701] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5701] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5701] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5703 attached [pid 5703] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5703] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], [pid 5701] <... clone3 resumed> => {parent_tid=[5703]}, 88) = 5703 [pid 5703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5701] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5701] <... futex resumed>) = 1 [pid 5701] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5703] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006d000} --- [pid 5702] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 5701] <... futex resumed>) = ? [pid 5702] +++ killed by SIGBUS +++ [pid 5703] +++ killed by SIGBUS +++ [pid 5701] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5701, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5704 attached , child_tidptr=0x55555720b690) = 5704 [pid 5704] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5704] chdir("./209") = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5704] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5705 attached [pid 5705] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5705] set_robust_list(0x7f50e61789a0, 24 [pid 5704] <... clone3 resumed> => {parent_tid=[5705]}, 88) = 5705 [pid 5705] <... set_robust_list resumed>) = 0 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], [pid 5704] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5705] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] memfd_create("syzkaller", 0 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5705] <... memfd_create resumed>) = 3 [pid 5705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5705] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5705] close(3) = 0 [pid 5705] mkdir("./file0", 0777) = 0 [pid 5705] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5705] chdir("./file0") = 0 [pid 5705] ioctl(4, LOOP_CLR_FD) = 0 [pid 5705] close(4) = 0 [pid 5705] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... open resumed>) = 4 [ 227.330288][ T5705] loop0: detected capacity change from 0 to 2048 [ 227.355618][ T5705] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 227.368160][ T5705] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5705] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] ftruncate(5, 33587199 [pid 5704] <... futex resumed>) = 0 [pid 5705] <... ftruncate resumed>) = 0 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5705] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5704] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5704] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5706 attached => {parent_tid=[5706]}, 88) = 5706 [pid 5706] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], [pid 5706] <... rseq resumed>) = 0 [pid 5704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5704] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] set_robust_list(0x7f50e61579a0, 24 [pid 5704] <... futex resumed>) = 0 [pid 5706] <... set_robust_list resumed>) = 0 [pid 5704] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5706] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5705] <... mmap resumed>) = 0x20000000 [pid 5706] <... openat resumed>) = 6 [pid 5705] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5705] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] <... futex resumed>) = 0 [pid 5706] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = 0 [pid 5705] read(6, [pid 5704] <... futex resumed>) = 1 [pid 5704] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5704] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5704] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5706] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5705] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5704] <... futex resumed>) = ? [pid 5705] +++ killed by SIGBUS +++ [pid 5706] +++ killed by SIGBUS +++ [pid 5704] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5704, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5707 attached , child_tidptr=0x55555720b690) = 5707 [pid 5707] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5707] chdir("./210") = 0 [pid 5707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5707] setpgid(0, 0) = 0 [pid 5707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5707] write(3, "1000", 4) = 4 [pid 5707] close(3) = 0 [pid 5707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5707] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5708 attached => {parent_tid=[5708]}, 88) = 5708 [pid 5708] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] <... rseq resumed>) = 0 [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] set_robust_list(0x7f50e61789a0, 24 [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... set_robust_list resumed>) = 0 [pid 5707] <... futex resumed>) = 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] memfd_create("syzkaller", 0) = 3 [pid 5708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5708] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5708] close(3) = 0 [pid 5708] mkdir("./file0", 0777) = 0 [pid 5708] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5708] chdir("./file0") = 0 [pid 5708] ioctl(4, LOOP_CLR_FD) = 0 [pid 5708] close(4) = 0 [pid 5708] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5707] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] <... open resumed>) = 4 [pid 5708] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 227.970426][ T5708] loop0: detected capacity change from 0 to 2048 [ 227.985313][ T5708] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 227.997280][ T5708] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5708] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] <... futex resumed>) = 0 [pid 5708] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5707] <... futex resumed>) = 0 [pid 5708] ftruncate(5, 33587199 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] <... ftruncate resumed>) = 0 [pid 5708] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] <... futex resumed>) = 0 [pid 5708] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5707] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5707] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5707] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5708] <... mmap resumed>) = 0x20000000 [pid 5708] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5707] <... clone3 resumed> => {parent_tid=[5709]}, 88) = 5709 [pid 5709] <... rseq resumed>) = 0 [pid 5709] set_robust_list(0x7f50e61579a0, 24 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] <... set_robust_list resumed>) = 0 [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5709] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] <... futex resumed>) = 0 [pid 5709] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5707] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] read(6, [pid 5707] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5707] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] <... futex resumed>) = 0 [pid 5707] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5708] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5707] <... futex resumed>) = ? [pid 5709] +++ killed by SIGBUS +++ [pid 5708] +++ killed by SIGBUS +++ [pid 5707] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5707, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5710 attached , child_tidptr=0x55555720b690) = 5710 [pid 5710] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5710] chdir("./211") = 0 [pid 5710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5710] setpgid(0, 0) = 0 [pid 5710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5710] write(3, "1000", 4) = 4 [pid 5710] close(3) = 0 [pid 5710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5710] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5710] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5710] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5710] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5711 attached => {parent_tid=[5711]}, 88) = 5711 [pid 5711] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5711] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5711] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5711] memfd_create("syzkaller", 0) = 3 [pid 5711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5711] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5711] close(3) = 0 [pid 5711] mkdir("./file0", 0777) = 0 [pid 5711] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5711] chdir("./file0") = 0 [pid 5711] ioctl(4, LOOP_CLR_FD) = 0 [pid 5711] close(4) = 0 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 228.733500][ T5711] loop0: detected capacity change from 0 to 2048 [ 228.760654][ T5711] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 228.772739][ T5711] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5711] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] <... futex resumed>) = 0 [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = 0 [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5711] ftruncate(5, 33587199 [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5711] <... ftruncate resumed>) = 0 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... futex resumed>) = 0 [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5711] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5710] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5710] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5710] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5711] <... mmap resumed>) = 0x20000000 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5712 attached [pid 5712] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5710] <... clone3 resumed> => {parent_tid=[5712]}, 88) = 5712 [pid 5712] <... rseq resumed>) = 0 [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5712] set_robust_list(0x7f50e61579a0, 24 [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5712] <... set_robust_list resumed>) = 0 [pid 5710] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] <... futex resumed>) = 0 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5712] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] <... futex resumed>) = 0 [pid 5712] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5711] read(6, [pid 5710] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5710] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5710] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5712] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5711] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5711] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5710] <... futex resumed>) = ? [pid 5712] +++ killed by SIGBUS +++ [pid 5711] +++ killed by SIGBUS +++ [pid 5710] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5710, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5713 [pid 5713] <... set_robust_list resumed>) = 0 [pid 5713] chdir("./212") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5713] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5714 attached [pid 5714] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5713] <... clone3 resumed> => {parent_tid=[5714]}, 88) = 5714 [pid 5714] set_robust_list(0x7f50e61789a0, 24 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] <... set_robust_list resumed>) = 0 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5714] memfd_create("syzkaller", 0 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5714] <... memfd_create resumed>) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5714] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./file0", 0777) = 0 [pid 5714] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5714] chdir("./file0") = 0 [pid 5714] ioctl(4, LOOP_CLR_FD) = 0 [pid 5714] close(4) = 0 [pid 5714] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... open resumed>) = 4 [ 229.533813][ T5714] loop0: detected capacity change from 0 to 2048 [ 229.549729][ T5714] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 229.562175][ T5714] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5714] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] <... open resumed>) = 5 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] ftruncate(5, 33587199 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... ftruncate resumed>) = 0 [pid 5714] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5714] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5713] <... futex resumed>) = 1 [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5713] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5713] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5715 attached [pid 5715] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5713] <... clone3 resumed> => {parent_tid=[5715]}, 88) = 5715 [pid 5715] <... rseq resumed>) = 0 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5715] set_robust_list(0x7f50e61579a0, 24 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5715] <... set_robust_list resumed>) = 0 [pid 5714] <... mmap resumed>) = 0x20000000 [pid 5713] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] <... futex resumed>) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5715] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5713] <... futex resumed>) = 1 [pid 5714] read(6, [pid 5713] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5713] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5715] <... futex resumed>) = 0 [pid 5715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5714] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5713] <... futex resumed>) = ? [pid 5715] +++ killed by SIGBUS +++ [pid 5714] +++ killed by SIGBUS +++ [pid 5713] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5713, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5716 attached , child_tidptr=0x55555720b690) = 5716 [pid 5716] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5716] chdir("./213") = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5716] setpgid(0, 0) = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5716] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5716] <... clone3 resumed> => {parent_tid=[5717]}, 88) = 5717 [pid 5717] <... rseq resumed>) = 0 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5717] set_robust_list(0x7f50e61789a0, 24 [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5717] <... set_robust_list resumed>) = 0 [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] <... futex resumed>) = 0 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5717] memfd_create("syzkaller", 0) = 3 [pid 5717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5717] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5717] close(3) = 0 [pid 5717] mkdir("./file0", 0777) = 0 [pid 5717] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5717] chdir("./file0") = 0 [pid 5717] ioctl(4, LOOP_CLR_FD) = 0 [pid 5717] close(4) = 0 [pid 5717] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5717] <... futex resumed>) = 1 [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... open resumed>) = 4 [ 230.251608][ T5717] loop0: detected capacity change from 0 to 2048 [ 230.262581][ T5717] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 230.274623][ T5717] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5717] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... open resumed>) = 5 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5717] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5716] <... futex resumed>) = 0 [pid 5717] ftruncate(5, 33587199 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... ftruncate resumed>) = 0 [pid 5717] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = 0 [pid 5716] <... futex resumed>) = 1 [pid 5717] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5716] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5716] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5717] <... mmap resumed>) = 0x20000000 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5717] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5718 attached ) = 0 [pid 5718] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5717] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... clone3 resumed> => {parent_tid=[5718]}, 88) = 5718 [pid 5718] <... rseq resumed>) = 0 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5718] set_robust_list(0x7f50e61579a0, 24 [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5718] <... set_robust_list resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5718] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... futex resumed>) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5718] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] read(6, [pid 5716] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5716] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5716] <... futex resumed>) = 1 [pid 5716] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5718] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5717] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5716] <... futex resumed>) = ? [pid 5718] +++ killed by SIGBUS +++ [pid 5717] +++ killed by SIGBUS +++ [pid 5716] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5716, si_uid=0, si_status=SIGBUS, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5719 attached , child_tidptr=0x55555720b690) = 5719 [pid 5719] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5719] chdir("./214") = 0 [pid 5719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5719] setpgid(0, 0) = 0 [pid 5719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5719] write(3, "1000", 4) = 4 [pid 5719] close(3) = 0 [pid 5719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5719] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5719] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5719] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5720 attached => {parent_tid=[5720]}, 88) = 5720 [pid 5720] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5720] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5720] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] rt_sigprocmask(SIG_SETMASK, [], [pid 5720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5720] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... futex resumed>) = 0 [pid 5720] memfd_create("syzkaller", 0 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5720] <... memfd_create resumed>) = 3 [pid 5720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5720] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5720] close(3) = 0 [pid 5720] mkdir("./file0", 0777) = 0 [pid 5720] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5720] chdir("./file0") = 0 [pid 5720] ioctl(4, LOOP_CLR_FD) = 0 [pid 5720] close(4) = 0 [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5720] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5720] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5719] <... futex resumed>) = 0 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... open resumed>) = 4 [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5720] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... futex resumed>) = 0 [pid 5720] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 230.955070][ T5720] loop0: detected capacity change from 0 to 2048 [ 230.980705][ T5720] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 230.992734][ T5720] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] <... futex resumed>) = 0 [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... futex resumed>) = 0 [pid 5720] ftruncate(5, 33587199 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] <... ftruncate resumed>) = 0 [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5719] <... futex resumed>) = 0 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5719] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5719] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5720] <... mmap resumed>) = 0x20000000 [pid 5719] <... mprotect resumed>) = 0 [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5720] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5721 attached [pid 5721] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5719] <... clone3 resumed> => {parent_tid=[5721]}, 88) = 5721 [pid 5721] <... rseq resumed>) = 0 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], [pid 5721] set_robust_list(0x7f50e61579a0, 24 [pid 5719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5721] <... set_robust_list resumed>) = 0 [pid 5719] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] <... futex resumed>) = 0 [pid 5721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5721] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5721] <... futex resumed>) = 1 [pid 5719] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] <... futex resumed>) = 0 [pid 5720] read(6, [pid 5719] <... futex resumed>) = 1 [pid 5719] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5719] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] <... futex resumed>) = 0 [pid 5719] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5721] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006c000} --- [pid 5720] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 262016 [pid 5720] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5719] <... futex resumed>) = ? [pid 5720] +++ killed by SIGBUS +++ [pid 5721] +++ killed by SIGBUS +++ [pid 5719] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5719, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5722 attached , child_tidptr=0x55555720b690) = 5722 [pid 5722] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5722] chdir("./215") = 0 [pid 5722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5722] setpgid(0, 0) = 0 [pid 5722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5722] write(3, "1000", 4) = 4 [pid 5722] close(3) = 0 [pid 5722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5722] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5723 attached => {parent_tid=[5723]}, 88) = 5723 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] <... rseq resumed>) = 0 [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] set_robust_list(0x7f50e61789a0, 24 [pid 5722] <... futex resumed>) = 0 [pid 5723] <... set_robust_list resumed>) = 0 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5723] memfd_create("syzkaller", 0) = 3 [pid 5723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5723] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5723] close(3) = 0 [pid 5723] mkdir("./file0", 0777) = 0 [pid 5723] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5723] chdir("./file0") = 0 [pid 5723] ioctl(4, LOOP_CLR_FD) = 0 [pid 5723] close(4) = 0 [pid 5723] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = 0 [pid 5723] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... open resumed>) = 4 [pid 5723] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... open resumed>) = 5 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] ftruncate(5, 33587199 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... ftruncate resumed>) = 0 [pid 5723] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = 0 [ 231.647138][ T5723] loop0: detected capacity change from 0 to 2048 [ 231.663860][ T5723] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 231.675638][ T5723] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5723] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5722] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5722] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5722] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5723] <... mmap resumed>) = 0x20000000 [pid 5723] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5724 attached [pid 5724] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5722] <... clone3 resumed> => {parent_tid=[5724]}, 88) = 5724 [pid 5724] set_robust_list(0x7f50e61579a0, 24 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5724] <... set_robust_list resumed>) = 0 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... futex resumed>) = 0 [pid 5723] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5724] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = 0 [pid 5723] read(6, [pid 5722] <... futex resumed>) = 1 [pid 5722] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5722] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 1 [pid 5722] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5724] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5723] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5723] +++ killed by SIGBUS +++ [pid 5722] <... futex resumed>) = ? [pid 5724] +++ killed by SIGBUS +++ [pid 5722] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5722, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5725 attached , child_tidptr=0x55555720b690) = 5725 [pid 5725] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5725] chdir("./216") = 0 [pid 5725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5725] setpgid(0, 0) = 0 [pid 5725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5725] write(3, "1000", 4) = 4 [pid 5725] close(3) = 0 [pid 5725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5725] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5725] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5725] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5726 attached [pid 5726] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5725] <... clone3 resumed> => {parent_tid=[5726]}, 88) = 5726 [pid 5726] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5725] rt_sigprocmask(SIG_SETMASK, [], [pid 5726] rt_sigprocmask(SIG_SETMASK, [], [pid 5725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] memfd_create("syzkaller", 0 [pid 5725] <... futex resumed>) = 0 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5726] <... memfd_create resumed>) = 3 [pid 5726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5726] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5726] close(3) = 0 [pid 5726] mkdir("./file0", 0777) = 0 [pid 5726] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5726] chdir("./file0") = 0 [pid 5726] ioctl(4, LOOP_CLR_FD) = 0 [pid 5726] close(4) = 0 [pid 5726] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5725] <... futex resumed>) = 0 [pid 5726] <... open resumed>) = 4 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5725] <... futex resumed>) = 0 [pid 5726] <... open resumed>) = 5 [pid 5726] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] <... futex resumed>) = 0 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] ftruncate(5, 33587199 [pid 5725] <... futex resumed>) = 0 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] <... ftruncate resumed>) = 0 [pid 5726] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5726] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5725] <... futex resumed>) = 0 [ 232.320829][ T5726] loop0: detected capacity change from 0 to 2048 [ 232.346892][ T5726] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 232.358836][ T5726] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5725] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5725] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5725] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5726] <... mmap resumed>) = 0x20000000 [pid 5726] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5726] <... futex resumed>) = 0 [pid 5725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5726] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] <... clone3 resumed> => {parent_tid=[5727]}, 88) = 5727 ./strace-static-x86_64: Process 5727 attached [pid 5727] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5725] rt_sigprocmask(SIG_SETMASK, [], [pid 5727] <... rseq resumed>) = 0 [pid 5725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5727] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5725] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], [pid 5725] <... futex resumed>) = 0 [pid 5727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5725] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5727] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5727] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5725] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] read(6, [pid 5725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5725] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5725] <... futex resumed>) = 1 [pid 5725] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5727] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5726] <... read resumed>) = ? [pid 5725] <... futex resumed>) = ? [pid 5727] +++ killed by SIGBUS +++ [pid 5726] +++ killed by SIGBUS +++ [pid 5725] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5725, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5728 attached , child_tidptr=0x55555720b690) = 5728 [pid 5728] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5728] chdir("./217") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5728] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5729 attached [pid 5729] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5728] <... clone3 resumed> => {parent_tid=[5729]}, 88) = 5729 [pid 5729] set_robust_list(0x7f50e61789a0, 24 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5729] <... set_robust_list resumed>) = 0 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] memfd_create("syzkaller", 0 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5729] <... memfd_create resumed>) = 3 [pid 5729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5729] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5729] close(3) = 0 [pid 5729] mkdir("./file0", 0777) = 0 [pid 5729] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5729] chdir("./file0") = 0 [pid 5729] ioctl(4, LOOP_CLR_FD) = 0 [pid 5729] close(4) = 0 [ 233.118965][ T5729] loop0: detected capacity change from 0 to 2048 [ 233.140030][ T5729] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 233.152688][ T5729] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5729] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] <... futex resumed>) = 0 [pid 5729] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... open resumed>) = 4 [pid 5729] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... open resumed>) = 5 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] ftruncate(5, 33587199 [pid 5728] <... futex resumed>) = 0 [pid 5729] <... ftruncate resumed>) = 0 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... futex resumed>) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5728] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5728] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5729] <... mmap resumed>) = 0x20000000 [pid 5728] <... mprotect resumed>) = 0 [pid 5729] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5729] <... futex resumed>) = 0 [pid 5728] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5729] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5730 attached [pid 5730] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5728] <... clone3 resumed> => {parent_tid=[5730]}, 88) = 5730 [pid 5730] <... rseq resumed>) = 0 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5730] set_robust_list(0x7f50e61579a0, 24 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5730] <... set_robust_list resumed>) = 0 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5730] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5728] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5730] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5730] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5729] read(6, [pid 5728] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5728] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5728] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5729] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5728] <... futex resumed>) = ? [pid 5730] +++ killed by SIGBUS +++ [pid 5729] +++ killed by SIGBUS +++ [pid 5728] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5728, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached [pid 5731] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5731 [pid 5731] <... set_robust_list resumed>) = 0 [pid 5731] chdir("./218") = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5731] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5731] <... clone3 resumed> => {parent_tid=[5732]}, 88) = 5732 [pid 5732] <... rseq resumed>) = 0 [pid 5732] set_robust_list(0x7f50e61789a0, 24 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], [pid 5732] <... set_robust_list resumed>) = 0 [pid 5731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] memfd_create("syzkaller", 0 [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5732] <... memfd_create resumed>) = 3 [pid 5732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5732] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5732] close(3) = 0 [pid 5732] mkdir("./file0", 0777) = 0 [pid 5732] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5732] chdir("./file0") = 0 [pid 5732] ioctl(4, LOOP_CLR_FD) = 0 [pid 5732] close(4) = 0 [pid 5732] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... futex resumed>) = 0 [ 233.830440][ T5732] loop0: detected capacity change from 0 to 2048 [ 233.843414][ T5732] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 233.856071][ T5732] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5732] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5732] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5732] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5731] <... futex resumed>) = 0 [pid 5732] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... open resumed>) = 5 [pid 5732] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] <... futex resumed>) = 0 [pid 5732] ftruncate(5, 33587199 [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... ftruncate resumed>) = 0 [pid 5732] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5732] <... futex resumed>) = 1 [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5731] <... futex resumed>) = 0 [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5731] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5731] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5732] <... mmap resumed>) = 0x20000000 [pid 5732] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5732] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5733 attached [pid 5732] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5733] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] <... clone3 resumed> => {parent_tid=[5733]}, 88) = 5733 [pid 5733] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5731] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5733] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5731] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] <... futex resumed>) = 0 [pid 5731] <... futex resumed>) = 1 [pid 5732] read(6, [pid 5731] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5731] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5731] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5733] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5732] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5731] <... futex resumed>) = ? [pid 5733] +++ killed by SIGBUS +++ [pid 5732] +++ killed by SIGBUS +++ [pid 5731] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5731, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5734 attached , child_tidptr=0x55555720b690) = 5734 [pid 5734] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5734] chdir("./219") = 0 [pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5734] setpgid(0, 0) = 0 [pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5734] write(3, "1000", 4) = 4 [pid 5734] close(3) = 0 [pid 5734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5734] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5735 attached [pid 5735] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5734] <... clone3 resumed> => {parent_tid=[5735]}, 88) = 5735 [pid 5735] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5734] rt_sigprocmask(SIG_SETMASK, [], [pid 5735] rt_sigprocmask(SIG_SETMASK, [], [pid 5734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] memfd_create("syzkaller", 0 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5735] <... memfd_create resumed>) = 3 [pid 5735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5735] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5735] close(3) = 0 [pid 5735] mkdir("./file0", 0777) = 0 [pid 5735] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5735] chdir("./file0") = 0 [pid 5735] ioctl(4, LOOP_CLR_FD) = 0 [pid 5735] close(4) = 0 [ 234.652024][ T5735] loop0: detected capacity change from 0 to 2048 [ 234.667045][ T5735] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 234.678691][ T5735] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5734] <... futex resumed>) = 1 [pid 5735] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... open resumed>) = 4 [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... open resumed>) = 5 [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5735] ftruncate(5, 33587199 [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... ftruncate resumed>) = 0 [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] <... futex resumed>) = 0 [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5734] <... futex resumed>) = 1 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5734] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5734] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5734] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5735] <... mmap resumed>) = 0x20000000 [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5736 attached [pid 5736] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5736] set_robust_list(0x7f50e61579a0, 24 [pid 5734] <... clone3 resumed> => {parent_tid=[5736]}, 88) = 5736 [pid 5736] <... set_robust_list resumed>) = 0 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], [pid 5734] rt_sigprocmask(SIG_SETMASK, [], [pid 5736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5736] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5736] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5736] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] read(6, [pid 5734] <... futex resumed>) = 1 [pid 5734] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5734] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5734] <... futex resumed>) = 1 [pid 5734] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5736] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5735] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5735] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] <... futex resumed>) = ? [pid 5736] +++ killed by SIGBUS +++ [pid 5735] <... futex resumed>) = ? [pid 5735] +++ killed by SIGBUS +++ [pid 5734] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5734, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5737 attached , child_tidptr=0x55555720b690) = 5737 [pid 5737] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5737] chdir("./220") = 0 [pid 5737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5737] setpgid(0, 0) = 0 [pid 5737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5737] write(3, "1000", 4) = 4 [pid 5737] close(3) = 0 [pid 5737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5737] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5737] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5737] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5737] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5738 attached [pid 5738] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5737] <... clone3 resumed> => {parent_tid=[5738]}, 88) = 5738 [pid 5738] <... rseq resumed>) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] set_robust_list(0x7f50e61789a0, 24 [pid 5737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] <... set_robust_list resumed>) = 0 [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5737] <... futex resumed>) = 0 [pid 5738] memfd_create("syzkaller", 0 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5738] <... memfd_create resumed>) = 3 [pid 5738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5738] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5738] close(3) = 0 [pid 5738] mkdir("./file0", 0777) = 0 [pid 5738] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5738] chdir("./file0") = 0 [pid 5738] ioctl(4, LOOP_CLR_FD) = 0 [pid 5738] close(4) = 0 [pid 5738] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... open resumed>) = 4 [pid 5738] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] <... futex resumed>) = 0 [pid 5738] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 235.340228][ T5738] loop0: detected capacity change from 0 to 2048 [ 235.368311][ T5738] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 235.380382][ T5738] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5738] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5737] <... futex resumed>) = 0 [pid 5738] <... open resumed>) = 5 [pid 5738] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... futex resumed>) = 0 [pid 5738] ftruncate(5, 33587199) = 0 [pid 5738] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5737] <... futex resumed>) = 1 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5737] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5737] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] <... mmap resumed>) = 0x20000000 [pid 5737] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5738] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5737] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5739 attached [pid 5738] <... futex resumed>) = 0 [pid 5737] <... clone3 resumed> => {parent_tid=[5739]}, 88) = 5739 [pid 5738] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] rt_sigprocmask(SIG_SETMASK, [], [pid 5739] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5737] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... rseq resumed>) = 0 [pid 5739] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5739] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5739] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5737] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = 1 [pid 5737] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] read(6, [pid 5737] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5737] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] <... futex resumed>) = 0 [pid 5739] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5738] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5737] <... futex resumed>) = ? [pid 5739] +++ killed by SIGBUS +++ [pid 5738] +++ killed by SIGBUS +++ [pid 5737] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5737, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5740 attached , child_tidptr=0x55555720b690) = 5740 [pid 5740] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5740] chdir("./221") = 0 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5740] setpgid(0, 0) = 0 [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5740] write(3, "1000", 4) = 4 [pid 5740] close(3) = 0 [pid 5740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5740] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5740] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5741 attached [pid 5741] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5740] <... clone3 resumed> => {parent_tid=[5741]}, 88) = 5741 [pid 5741] set_robust_list(0x7f50e61789a0, 24 [pid 5740] rt_sigprocmask(SIG_SETMASK, [], [pid 5741] <... set_robust_list resumed>) = 0 [pid 5740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5741] memfd_create("syzkaller", 0 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5741] <... memfd_create resumed>) = 3 [pid 5741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5741] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5741] close(3) = 0 [pid 5741] mkdir("./file0", 0777) = 0 [pid 5741] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5741] chdir("./file0") = 0 [pid 5741] ioctl(4, LOOP_CLR_FD) = 0 [pid 5741] close(4) = 0 [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] <... futex resumed>) = 0 [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5741] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 235.925857][ T5741] loop0: detected capacity change from 0 to 2048 [ 235.942337][ T5741] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 235.954314][ T5741] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... open resumed>) = 4 [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] <... futex resumed>) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = 0 [pid 5741] ftruncate(5, 33587199 [pid 5740] <... futex resumed>) = 1 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... ftruncate resumed>) = 0 [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5741] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... mmap resumed>) = 0x20000000 [pid 5740] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] <... futex resumed>) = 0 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5741] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] <... futex resumed>) = 0 [pid 5740] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5740] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] read(6, [pid 5740] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5740] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5740] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5740] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5742 attached [pid 5742] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5742] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5742] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] <... clone3 resumed> => {parent_tid=[5742]}, 88) = 5742 [pid 5740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5740] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = 1 [pid 5740] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5742] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006a000} --- [pid 5741] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 270208 [pid 5741] +++ killed by SIGBUS +++ [pid 5740] <... futex resumed>) = ? [pid 5742] +++ killed by SIGBUS +++ [pid 5740] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5740, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5743 attached , child_tidptr=0x55555720b690) = 5743 [pid 5743] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5743] chdir("./222") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5743] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5744 attached [pid 5744] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5743] <... clone3 resumed> => {parent_tid=[5744]}, 88) = 5744 [pid 5744] <... rseq resumed>) = 0 [pid 5744] set_robust_list(0x7f50e61789a0, 24 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] <... set_robust_list resumed>) = 0 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5743] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] memfd_create("syzkaller", 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5744] <... memfd_create resumed>) = 3 [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5744] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5744] close(3) = 0 [pid 5744] mkdir("./file0", 0777) = 0 [pid 5744] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5744] chdir("./file0") = 0 [pid 5744] ioctl(4, LOOP_CLR_FD) = 0 [pid 5744] close(4) = 0 [pid 5744] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... futex resumed>) = 0 [ 236.664119][ T5744] loop0: detected capacity change from 0 to 2048 [ 236.692913][ T5744] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 236.705023][ T5744] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5743] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... futex resumed>) = 0 [pid 5744] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5744] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5744] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... open resumed>) = 5 [pid 5744] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] ftruncate(5, 33587199 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... ftruncate resumed>) = 0 [pid 5744] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5743] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5743] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5743] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5745 attached [pid 5745] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5743] <... clone3 resumed> => {parent_tid=[5745]}, 88) = 5745 [pid 5745] set_robust_list(0x7f50e61579a0, 24 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5745] <... set_robust_list resumed>) = 0 [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5743] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5745] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = 1 [pid 5745] read(6, [pid 5743] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... mmap resumed>) = 0x20000000 [pid 5743] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5743] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5744] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... mmap resumed>) = 0x7f50e6116000 [pid 5743] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5746 attached [pid 5746] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053) = 0 [pid 5746] set_robust_list(0x7f50e61369a0, 24) = 0 [pid 5746] rt_sigprocmask(SIG_SETMASK, [], [pid 5743] <... clone3 resumed> => {parent_tid=[5746]}, 88) = 5746 [pid 5746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5746] futex(0x7f50e62636e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006f000} --- [pid 5745] <... read resumed> ) = ? [pid 5744] <... futex resumed>) = ? [pid 5743] <... futex resumed>) = ? [pid 5746] +++ killed by SIGBUS +++ [pid 5745] +++ killed by SIGBUS +++ [pid 5744] +++ killed by SIGBUS +++ [pid 5743] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5743, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5748 attached [pid 5748] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5748 [pid 5748] <... set_robust_list resumed>) = 0 [pid 5748] chdir("./223") = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5748] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5749 attached [pid 5749] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5748] <... clone3 resumed> => {parent_tid=[5749]}, 88) = 5749 [pid 5749] <... rseq resumed>) = 0 [pid 5748] rt_sigprocmask(SIG_SETMASK, [], [pid 5749] set_robust_list(0x7f50e61789a0, 24 [pid 5748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5749] <... set_robust_list resumed>) = 0 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], [pid 5748] <... futex resumed>) = 0 [pid 5749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5749] memfd_create("syzkaller", 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5749] <... memfd_create resumed>) = 3 [pid 5749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5749] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5749] close(3) = 0 [pid 5749] mkdir("./file0", 0777) = 0 [pid 5749] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5749] chdir("./file0") = 0 [pid 5749] ioctl(4, LOOP_CLR_FD) = 0 [pid 5749] close(4) = 0 [ 237.372033][ T5749] loop0: detected capacity change from 0 to 2048 [ 237.398325][ T5749] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 237.410879][ T5749] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5749] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... open resumed>) = 4 [pid 5749] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = 1 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5748] <... futex resumed>) = 0 [pid 5749] <... open resumed>) = 5 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = 1 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] ftruncate(5, 33587199 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... ftruncate resumed>) = 0 [pid 5749] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = 1 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5748] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5749] <... mmap resumed>) = 0x20000000 [pid 5748] <... mmap resumed>) = 0x7f50e6137000 [pid 5749] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... mprotect resumed>) = 0 [pid 5748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5750 attached => {parent_tid=[5750]}, 88) = 5750 [pid 5750] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5750] set_robust_list(0x7f50e61579a0, 24 [pid 5748] rt_sigprocmask(SIG_SETMASK, [], [pid 5750] <... set_robust_list resumed>) = 0 [pid 5748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5748] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5750] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5748] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] read(6, [pid 5748] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5748] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... futex resumed>) = 0 [pid 5748] <... futex resumed>) = 1 [pid 5748] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5749] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5748] <... futex resumed>) = ? [pid 5750] +++ killed by SIGBUS +++ [pid 5749] +++ killed by SIGBUS +++ [pid 5748] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5748, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5751 attached , child_tidptr=0x55555720b690) = 5751 [pid 5751] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5751] chdir("./224") = 0 [pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5751] setpgid(0, 0) = 0 [pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5751] write(3, "1000", 4) = 4 [pid 5751] close(3) = 0 [pid 5751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5751] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5752 attached => {parent_tid=[5752]}, 88) = 5752 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5751] <... futex resumed>) = 0 [pid 5752] set_robust_list(0x7f50e61789a0, 24 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5752] <... set_robust_list resumed>) = 0 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5752] memfd_create("syzkaller", 0) = 3 [pid 5752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5752] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5752] close(3) = 0 [pid 5752] mkdir("./file0", 0777) = 0 [pid 5752] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5752] chdir("./file0") = 0 [pid 5752] ioctl(4, LOOP_CLR_FD) = 0 [pid 5752] close(4) = 0 [pid 5752] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5752] <... futex resumed>) = 1 [pid 5752] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5752] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5752] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5751] <... futex resumed>) = 1 [pid 5752] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] <... open resumed>) = 5 [pid 5752] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5752] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] <... futex resumed>) = 0 [pid 5752] ftruncate(5, 33587199 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] <... ftruncate resumed>) = 0 [ 238.140447][ T5752] loop0: detected capacity change from 0 to 2048 [ 238.151248][ T5752] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 238.163459][ T5752] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5752] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5752] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] <... futex resumed>) = 0 [pid 5752] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5751] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5751] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5753 attached [pid 5753] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5751] <... clone3 resumed> => {parent_tid=[5753]}, 88) = 5753 [pid 5753] <... rseq resumed>) = 0 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], [pid 5753] set_robust_list(0x7f50e61579a0, 24 [pid 5751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] <... set_robust_list resumed>) = 0 [pid 5752] <... mmap resumed>) = 0x20000000 [pid 5751] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5751] <... futex resumed>) = 0 [pid 5751] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5753] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5753] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5752] read(6, [pid 5751] <... futex resumed>) = 1 [pid 5751] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5751] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = 0 [pid 5751] <... futex resumed>) = 1 [pid 5751] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5753] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5752] <... read resumed>) = ? [pid 5751] <... futex resumed>) = ? [pid 5752] +++ killed by SIGBUS +++ [pid 5753] +++ killed by SIGBUS +++ [pid 5751] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5754 attached , child_tidptr=0x55555720b690) = 5754 [pid 5754] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5754] chdir("./225") = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0) = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5754] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5754] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5755 attached [pid 5755] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5754] <... clone3 resumed> => {parent_tid=[5755]}, 88) = 5755 [pid 5755] set_robust_list(0x7f50e61789a0, 24 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5755] <... set_robust_list resumed>) = 0 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] memfd_create("syzkaller", 0 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5755] <... memfd_create resumed>) = 3 [pid 5755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5755] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5755] close(3) = 0 [pid 5755] mkdir("./file0", 0777) = 0 [pid 5755] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5755] chdir("./file0") = 0 [pid 5755] ioctl(4, LOOP_CLR_FD) = 0 [pid 5755] close(4) = 0 [pid 5755] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... futex resumed>) = 0 [pid 5755] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5755] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... open resumed>) = 5 [pid 5755] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5755] ftruncate(5, 33587199 [ 238.853780][ T5755] loop0: detected capacity change from 0 to 2048 [ 238.879855][ T5755] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 238.892601][ T5755] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... ftruncate resumed>) = 0 [pid 5755] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5754] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5754] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5755] <... mmap resumed>) = 0x20000000 [pid 5755] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5757 attached [pid 5757] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5757] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5754] <... clone3 resumed> => {parent_tid=[5757]}, 88) = 5757 [pid 5757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5757] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5757] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5755] read(6, [pid 5754] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5754] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5754] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5757] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5755] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5754] <... futex resumed>) = ? [pid 5757] +++ killed by SIGBUS +++ [pid 5755] +++ killed by SIGBUS +++ [pid 5754] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5754, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5761 attached , child_tidptr=0x55555720b690) = 5761 [pid 5761] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5761] chdir("./226") = 0 [pid 5761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5761] setpgid(0, 0) = 0 [pid 5761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5761] write(3, "1000", 4) = 4 [pid 5761] close(3) = 0 [pid 5761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5761] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5761] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5761] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5761] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5762 attached => {parent_tid=[5762]}, 88) = 5762 [pid 5762] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5762] set_robust_list(0x7f50e61789a0, 24 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5762] <... set_robust_list resumed>) = 0 [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] <... futex resumed>) = 0 [pid 5762] memfd_create("syzkaller", 0 [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5762] <... memfd_create resumed>) = 3 [pid 5762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5762] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5762] close(3) = 0 [pid 5762] mkdir("./file0", 0777) = 0 [pid 5762] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5762] chdir("./file0") = 0 [pid 5762] ioctl(4, LOOP_CLR_FD) = 0 [pid 5762] close(4) = 0 [pid 5762] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 1 [pid 5761] <... futex resumed>) = 0 [pid 5762] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 239.647054][ T5762] loop0: detected capacity change from 0 to 2048 [ 239.661918][ T5762] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 239.673874][ T5762] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] <... open resumed>) = 4 [pid 5762] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5762] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 0 [pid 5761] <... futex resumed>) = 1 [pid 5762] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] <... open resumed>) = 5 [pid 5762] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] ftruncate(5, 33587199 [pid 5761] <... futex resumed>) = 0 [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] <... ftruncate resumed>) = 0 [pid 5762] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] <... futex resumed>) = 0 [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 0 [pid 5761] <... futex resumed>) = 1 [pid 5762] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5761] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5761] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5762] <... mmap resumed>) = 0x20000000 [pid 5761] <... mprotect resumed>) = 0 [pid 5762] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5762] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5763 attached [pid 5763] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5761] <... clone3 resumed> => {parent_tid=[5763]}, 88) = 5763 [pid 5763] <... rseq resumed>) = 0 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] set_robust_list(0x7f50e61579a0, 24 [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5763] <... set_robust_list resumed>) = 0 [pid 5761] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5761] <... futex resumed>) = 0 [pid 5761] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5763] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5761] <... futex resumed>) = 0 [pid 5761] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 0 [pid 5761] <... futex resumed>) = 1 [pid 5762] read(6, [pid 5761] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5761] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5761] <... futex resumed>) = 1 [pid 5761] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5763] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5762] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5762] +++ killed by SIGBUS +++ [pid 5761] <... futex resumed>) = ? [pid 5763] +++ killed by SIGBUS +++ [pid 5761] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5761, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5765 attached [pid 5765] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5765] chdir("./227" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5765 [pid 5765] <... chdir resumed>) = 0 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5765] setpgid(0, 0) = 0 [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5765] write(3, "1000", 4) = 4 [pid 5765] close(3) = 0 [pid 5765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5765] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5766 attached [pid 5766] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5766] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5765] <... clone3 resumed> => {parent_tid=[5766]}, 88) = 5766 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5766] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5766] memfd_create("syzkaller", 0 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5766] <... memfd_create resumed>) = 3 [pid 5766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5766] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5766] close(3) = 0 [pid 5766] mkdir("./file0", 0777) = 0 [pid 5766] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5766] chdir("./file0") = 0 [pid 5766] ioctl(4, LOOP_CLR_FD) = 0 [pid 5766] close(4) = 0 [pid 5766] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5766] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5766] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... open resumed>) = 4 [ 240.474312][ T5766] loop0: detected capacity change from 0 to 2048 [ 240.489188][ T5766] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 240.501527][ T5766] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5766] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5766] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... open resumed>) = 5 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5766] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5766] ftruncate(5, 33587199 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... ftruncate resumed>) = 0 [pid 5766] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5765] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5765] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5766] <... mmap resumed>) = 0x20000000 [pid 5765] <... mprotect resumed>) = 0 [pid 5766] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5766] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5767 attached [pid 5767] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5765] <... clone3 resumed> => {parent_tid=[5767]}, 88) = 5767 [pid 5767] <... rseq resumed>) = 0 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5767] set_robust_list(0x7f50e61579a0, 24 [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5767] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5767] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5767] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5766] read(6, [pid 5765] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5765] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5765] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5767] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5766] <... read resumed> ) = ? [pid 5765] <... futex resumed>) = ? [pid 5767] +++ killed by SIGBUS +++ [pid 5766] +++ killed by SIGBUS +++ [pid 5765] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5765, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5768 attached , child_tidptr=0x55555720b690) = 5768 [pid 5768] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5768] chdir("./228") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5768] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5769 attached => {parent_tid=[5769]}, 88) = 5769 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] <... futex resumed>) = 0 [pid 5769] memfd_create("syzkaller", 0 [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5769] <... memfd_create resumed>) = 3 [pid 5769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5769] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5769] close(3) = 0 [pid 5769] mkdir("./file0", 0777) = 0 [pid 5769] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5769] chdir("./file0") = 0 [pid 5769] ioctl(4, LOOP_CLR_FD) = 0 [pid 5769] close(4) = 0 [pid 5769] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... open resumed>) = 4 [pid 5769] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5769] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... open resumed>) = 5 [pid 5769] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... futex resumed>) = 0 [pid 5769] ftruncate(5, 33587199 [ 241.199119][ T5769] loop0: detected capacity change from 0 to 2048 [ 241.214502][ T5769] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 241.226662][ T5769] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... ftruncate resumed>) = 0 [pid 5769] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5768] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5768] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5768] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] <... mmap resumed>) = 0x20000000 [pid 5769] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5769] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5770 attached [pid 5769] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5770] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5768] <... clone3 resumed> => {parent_tid=[5770]}, 88) = 5770 [pid 5770] <... rseq resumed>) = 0 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] set_robust_list(0x7f50e61579a0, 24 [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5770] <... set_robust_list resumed>) = 0 [pid 5768] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5770] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5770] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5769] read(6, [pid 5768] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5768] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5768] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5769] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5770] +++ killed by SIGBUS +++ [pid 5768] <... futex resumed>) = ? [pid 5769] +++ killed by SIGBUS +++ [pid 5768] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5768, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5771 attached , child_tidptr=0x55555720b690) = 5771 [pid 5771] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5771] chdir("./229") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5771] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5772 attached [pid 5772] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5772] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] <... clone3 resumed> => {parent_tid=[5772]}, 88) = 5772 [pid 5772] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5772] memfd_create("syzkaller", 0 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5772] <... memfd_create resumed>) = 3 [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5772] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5772] close(3) = 0 [pid 5772] mkdir("./file0", 0777) = 0 [pid 5772] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5772] chdir("./file0") = 0 [pid 5772] ioctl(4, LOOP_CLR_FD) = 0 [pid 5772] close(4) = 0 [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... open resumed>) = 4 [ 241.860415][ T5772] loop0: detected capacity change from 0 to 2048 [ 241.886117][ T5772] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 241.898397][ T5772] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... open resumed>) = 5 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5772] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5772] ftruncate(5, 33587199 [pid 5771] <... futex resumed>) = 1 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... ftruncate resumed>) = 0 [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5771] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5771] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5773 attached [pid 5772] <... mmap resumed>) = 0x20000000 [pid 5771] <... clone3 resumed> => {parent_tid=[5773]}, 88) = 5773 [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] <... rseq resumed>) = 0 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] set_robust_list(0x7f50e61579a0, 24 [pid 5771] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... set_robust_list resumed>) = 0 [pid 5771] <... futex resumed>) = 0 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5772] <... futex resumed>) = 0 [pid 5773] <... openat resumed>) = 6 [pid 5772] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5773] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5772] read(6, [pid 5771] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5771] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5771] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5773] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5772] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 483200 [pid 5772] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5771] <... futex resumed>) = ? [pid 5773] +++ killed by SIGBUS +++ [pid 5772] +++ killed by SIGBUS +++ [pid 5771] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5771, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 [ 242.348565][ T2805] bio_check_eod: 25 callbacks suppressed [ 242.348578][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.348578][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.368097][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.368097][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.382168][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.382168][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.395950][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.395950][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.409709][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.409709][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.423530][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.423530][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.437220][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.437220][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.450935][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.450935][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.464759][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.464759][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 [ 242.478526][ T2805] kworker/u4:10: attempt to access beyond end of device [ 242.478526][ T2805] loop0: rw=1, sector=2051, nr_sectors = 8 limit=2048 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached , child_tidptr=0x55555720b690) = 5774 [pid 5774] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5774] chdir("./230") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5774] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5775 attached [pid 5775] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5774] <... clone3 resumed> => {parent_tid=[5775]}, 88) = 5775 [pid 5775] <... rseq resumed>) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] set_robust_list(0x7f50e61789a0, 24 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5775] <... set_robust_list resumed>) = 0 [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] <... futex resumed>) = 0 [pid 5775] memfd_create("syzkaller", 0 [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] <... memfd_create resumed>) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5775] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] mkdir("./file0", 0777) = 0 [pid 5775] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5775] chdir("./file0") = 0 [pid 5775] ioctl(4, LOOP_CLR_FD) = 0 [pid 5775] close(4) = 0 [pid 5775] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [ 242.763354][ T5775] loop0: detected capacity change from 0 to 2048 [ 242.784197][ T5775] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 242.796320][ T5775] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5775] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... open resumed>) = 4 [pid 5775] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] <... futex resumed>) = 0 [pid 5775] ftruncate(5, 33587199 [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... ftruncate resumed>) = 0 [pid 5775] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5775] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5774] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5774] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5775] <... mmap resumed>) = 0x20000000 [pid 5775] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5775] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5776 attached [pid 5775] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... clone3 resumed> => {parent_tid=[5776]}, 88) = 5776 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5774] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5776] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5776] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5775] read(6, [pid 5774] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5774] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5774] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5776] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5775] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5774] <... futex resumed>) = ? [pid 5775] +++ killed by SIGBUS +++ [pid 5776] +++ killed by SIGBUS +++ [pid 5774] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5774, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5777 attached , child_tidptr=0x55555720b690) = 5777 [pid 5777] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5777] chdir("./231") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5777] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5778 attached => {parent_tid=[5778]}, 88) = 5778 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5777] <... futex resumed>) = 0 [pid 5778] set_robust_list(0x7f50e61789a0, 24 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5778] <... set_robust_list resumed>) = 0 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5778] memfd_create("syzkaller", 0) = 3 [pid 5778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5778] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5778] close(3) = 0 [pid 5778] mkdir("./file0", 0777) = 0 [pid 5778] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5778] chdir("./file0") = 0 [pid 5778] ioctl(4, LOOP_CLR_FD) = 0 [pid 5778] close(4) = 0 [pid 5778] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... futex resumed>) = 0 [ 243.484435][ T5778] loop0: detected capacity change from 0 to 2048 [ 243.502933][ T5778] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 243.514963][ T5778] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5778] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5778] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5778] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5777] <... futex resumed>) = 1 [pid 5778] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5778] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5777] <... futex resumed>) = 0 [pid 5778] ftruncate(5, 33587199 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... ftruncate resumed>) = 0 [pid 5778] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... futex resumed>) = 1 [pid 5778] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5777] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5777] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5777] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5778] <... mmap resumed>) = 0x20000000 [pid 5778] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5779 attached => {parent_tid=[5779]}, 88) = 5779 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5777] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5777] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5779] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5779] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5779] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5777] <... futex resumed>) = 1 [pid 5778] read(6, [pid 5777] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5777] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5779] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5778] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5777] <... futex resumed>) = ? [pid 5779] +++ killed by SIGBUS +++ [pid 5778] +++ killed by SIGBUS +++ [pid 5777] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5777, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5780 attached , child_tidptr=0x55555720b690) = 5780 [pid 5780] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5780] chdir("./232") = 0 [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5780] setpgid(0, 0) = 0 [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5780] write(3, "1000", 4) = 4 [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5780] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5780] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5781 attached => {parent_tid=[5781]}, 88) = 5781 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5781] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5781] memfd_create("syzkaller", 0) = 3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5781] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5781] close(3) = 0 [pid 5781] mkdir("./file0", 0777) = 0 [pid 5781] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./file0") = 0 [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4) = 0 [pid 5781] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... open resumed>) = 4 [ 244.254194][ T5781] loop0: detected capacity change from 0 to 2048 [ 244.269724][ T5781] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 244.282294][ T5781] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5781] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... futex resumed>) = 1 [pid 5781] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5781] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] ftruncate(5, 33587199 [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... ftruncate resumed>) = 0 [pid 5781] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5780] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5780] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5782 attached => {parent_tid=[5782]}, 88) = 5782 [pid 5782] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], [pid 5782] <... rseq resumed>) = 0 [pid 5780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] set_robust_list(0x7f50e61579a0, 24 [pid 5780] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... set_robust_list resumed>) = 0 [pid 5780] <... futex resumed>) = 0 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], [pid 5780] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5782] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] <... mmap resumed>) = 0x20000000 [pid 5780] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] read(6, [pid 5781] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5780] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5780] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5782] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5781] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5780] <... futex resumed>) = ? [pid 5782] +++ killed by SIGBUS +++ [pid 5781] +++ killed by SIGBUS +++ [pid 5780] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5780, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5783 attached , child_tidptr=0x55555720b690) = 5783 [pid 5783] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5783] chdir("./233") = 0 [pid 5783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5783] setpgid(0, 0) = 0 [pid 5783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5783] write(3, "1000", 4) = 4 [pid 5783] close(3) = 0 [pid 5783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5783] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5784 attached => {parent_tid=[5784]}, 88) = 5784 [pid 5784] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5784] <... rseq resumed>) = 0 [pid 5784] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5784] memfd_create("syzkaller", 0) = 3 [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5784] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5784] close(3) = 0 [pid 5784] mkdir("./file0", 0777) = 0 [pid 5784] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5784] chdir("./file0") = 0 [pid 5784] ioctl(4, LOOP_CLR_FD) = 0 [pid 5784] close(4) = 0 [pid 5784] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5784] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5783] <... futex resumed>) = 0 [pid 5784] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 244.948580][ T5784] loop0: detected capacity change from 0 to 2048 [ 244.969306][ T5784] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 244.981321][ T5784] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... open resumed>) = 4 [pid 5784] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... open resumed>) = 5 [pid 5784] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] ftruncate(5, 33587199) = 0 [pid 5784] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5784] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5783] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5784] <... mmap resumed>) = 0x20000000 [pid 5784] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] <... mprotect resumed>) = 0 [pid 5783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5785 attached [pid 5785] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5783] <... clone3 resumed> => {parent_tid=[5785]}, 88) = 5785 [pid 5785] <... rseq resumed>) = 0 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] set_robust_list(0x7f50e61579a0, 24 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5783] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] <... futex resumed>) = 0 [pid 5785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5785] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5785] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... futex resumed>) = 0 [pid 5784] read(6, [pid 5783] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5783] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5783] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5783] <... futex resumed>) = 1 [pid 5783] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5784] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5783] <... futex resumed>) = ? [pid 5785] +++ killed by SIGBUS +++ [pid 5784] +++ killed by SIGBUS +++ [pid 5783] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5783, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5786 attached , child_tidptr=0x55555720b690) = 5786 [pid 5786] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5786] chdir("./234") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5786] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5787 attached [pid 5787] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5786] <... clone3 resumed> => {parent_tid=[5787]}, 88) = 5787 [pid 5787] <... rseq resumed>) = 0 [pid 5786] rt_sigprocmask(SIG_SETMASK, [], [pid 5787] set_robust_list(0x7f50e61789a0, 24 [pid 5786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5787] <... set_robust_list resumed>) = 0 [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5786] <... futex resumed>) = 0 [pid 5787] memfd_create("syzkaller", 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5787] <... memfd_create resumed>) = 3 [pid 5787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5787] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5787] close(3) = 0 [pid 5787] mkdir("./file0", 0777) = 0 [pid 5787] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5787] chdir("./file0") = 0 [pid 5787] ioctl(4, LOOP_CLR_FD) = 0 [pid 5787] close(4) = 0 [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... open resumed>) = 4 [ 245.649815][ T5787] loop0: detected capacity change from 0 to 2048 [ 245.665737][ T5787] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 245.678028][ T5787] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5786] <... futex resumed>) = 0 [pid 5787] <... open resumed>) = 5 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] ftruncate(5, 33587199 [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... ftruncate resumed>) = 0 [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5786] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5786] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5786] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5787] <... mmap resumed>) = 0x20000000 [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5788 attached [pid 5787] <... futex resumed>) = 0 [pid 5786] <... clone3 resumed> => {parent_tid=[5788]}, 88) = 5788 [pid 5788] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5788] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5788] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5787] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5786] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5786] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5788] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5788] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5788] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] <... futex resumed>) = 0 [pid 5786] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] read(6, [pid 5786] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5786] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = 1 [pid 5786] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5788] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5787] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5787] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5786] <... futex resumed>) = ? [pid 5788] +++ killed by SIGBUS +++ [pid 5787] +++ killed by SIGBUS +++ [pid 5786] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5786, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5789 attached , child_tidptr=0x55555720b690) = 5789 [pid 5789] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5789] chdir("./235") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5789] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5790 attached [pid 5790] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5789] <... clone3 resumed> => {parent_tid=[5790]}, 88) = 5790 [pid 5790] <... rseq resumed>) = 0 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] memfd_create("syzkaller", 0 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5790] <... memfd_create resumed>) = 3 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5790] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5790] close(3) = 0 [pid 5790] mkdir("./file0", 0777) = 0 [pid 5790] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5790] chdir("./file0") = 0 [pid 5790] ioctl(4, LOOP_CLR_FD) = 0 [pid 5790] close(4) = 0 [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 246.330198][ T5790] loop0: detected capacity change from 0 to 2048 [ 246.346502][ T5790] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 246.358757][ T5790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] <... futex resumed>) = 1 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] <... futex resumed>) = 1 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] ftruncate(5, 33587199) = 0 [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5789] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5789] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5790] <... mmap resumed>) = 0x20000000 [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5791 attached => {parent_tid=[5791]}, 88) = 5791 [pid 5791] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5791] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5791] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5789] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5791] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] read(6, [pid 5789] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5789] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5789] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5789] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5791] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5790] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5790] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] ???( [pid 5789] <... futex resumed>) = ? [pid 5791] +++ killed by SIGBUS +++ [pid 5790] <... ??? resumed>) = ? [pid 5790] +++ killed by SIGBUS +++ [pid 5789] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5789, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5792 attached , child_tidptr=0x55555720b690) = 5792 [pid 5792] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5792] chdir("./236") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5792] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5792] <... clone3 resumed> => {parent_tid=[5793]}, 88) = 5793 [pid 5793] set_robust_list(0x7f50e61789a0, 24 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5793] memfd_create("syzkaller", 0) = 3 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5793] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5793] close(3) = 0 [pid 5793] mkdir("./file0", 0777) = 0 [pid 5793] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5793] chdir("./file0") = 0 [pid 5793] ioctl(4, LOOP_CLR_FD) = 0 [pid 5793] close(4) = 0 [pid 5793] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... open resumed>) = 4 [ 247.044694][ T5793] loop0: detected capacity change from 0 to 2048 [ 247.055252][ T5793] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 247.066997][ T5793] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5793] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5793] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] <... futex resumed>) = 0 [pid 5793] ftruncate(5, 33587199 [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... ftruncate resumed>) = 0 [pid 5793] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5792] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5792] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5794 attached [pid 5794] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5792] <... clone3 resumed> => {parent_tid=[5794]}, 88) = 5794 [pid 5794] <... rseq resumed>) = 0 [pid 5794] set_robust_list(0x7f50e61579a0, 24 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5794] <... set_robust_list resumed>) = 0 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5794] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5793] <... mmap resumed>) = 0x20000000 [pid 5794] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5793] read(6, [pid 5792] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5792] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 1 [pid 5792] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5793] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5792] <... futex resumed>) = ? [pid 5793] +++ killed by SIGBUS +++ [pid 5794] +++ killed by SIGBUS +++ [pid 5792] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5792, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5795 attached , child_tidptr=0x55555720b690) = 5795 [pid 5795] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5795] chdir("./237") = 0 [pid 5795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5795] setpgid(0, 0) = 0 [pid 5795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5795] write(3, "1000", 4) = 4 [pid 5795] close(3) = 0 [pid 5795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5795] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5795] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5796 attached => {parent_tid=[5796]}, 88) = 5796 [pid 5796] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5796] <... rseq resumed>) = 0 [pid 5796] set_robust_list(0x7f50e61789a0, 24 [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5796] <... set_robust_list resumed>) = 0 [pid 5796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5796] memfd_create("syzkaller", 0) = 3 [pid 5796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5796] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5796] close(3) = 0 [pid 5796] mkdir("./file0", 0777) = 0 [pid 5796] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5796] chdir("./file0") = 0 [pid 5796] ioctl(4, LOOP_CLR_FD) = 0 [pid 5796] close(4) = 0 [pid 5796] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 247.776193][ T5796] loop0: detected capacity change from 0 to 2048 [ 247.791715][ T5796] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 247.803991][ T5796] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5796] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5795] <... futex resumed>) = 0 [pid 5796] <... open resumed>) = 5 [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] ftruncate(5, 33587199) = 0 [pid 5796] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = 0 [pid 5796] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5795] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5795] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5796] <... mmap resumed>) = 0x20000000 [pid 5795] <... mprotect resumed>) = 0 [pid 5795] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5796] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5797 attached [pid 5797] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5797] set_robust_list(0x7f50e61579a0, 24 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... clone3 resumed> => {parent_tid=[5797]}, 88) = 5797 [pid 5797] <... set_robust_list resumed>) = 0 [pid 5796] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] rt_sigprocmask(SIG_SETMASK, [], [pid 5797] rt_sigprocmask(SIG_SETMASK, [], [pid 5795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5795] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5797] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5797] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5796] read(6, [pid 5795] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5795] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5795] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5797] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5796] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5796] ???() = ? [pid 5795] <... futex resumed>) = ? [pid 5796] +++ killed by SIGBUS +++ [pid 5797] +++ killed by SIGBUS +++ [pid 5795] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5795, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5798 attached , child_tidptr=0x55555720b690) = 5798 [pid 5798] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5798] chdir("./238") = 0 [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5798] setpgid(0, 0) = 0 [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5798] write(3, "1000", 4) = 4 [pid 5798] close(3) = 0 [pid 5798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5798] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5799 attached => {parent_tid=[5799]}, 88) = 5799 [pid 5799] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5799] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], [pid 5799] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5798] <... futex resumed>) = 1 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] memfd_create("syzkaller", 0) = 3 [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5799] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5799] close(3) = 0 [pid 5799] mkdir("./file0", 0777) = 0 [pid 5799] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5799] chdir("./file0") = 0 [pid 5799] ioctl(4, LOOP_CLR_FD) = 0 [pid 5799] close(4) = 0 [pid 5799] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... open resumed>) = 4 [pid 5799] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5798] <... futex resumed>) = 0 [pid 5799] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 0 [pid 5799] ftruncate(5, 33587199) = 0 [pid 5799] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 248.461494][ T5799] loop0: detected capacity change from 0 to 2048 [ 248.488674][ T5799] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 248.500922][ T5799] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5798] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5798] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5799] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... mprotect resumed>) = 0 [pid 5799] <... futex resumed>) = 0 [pid 5798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5800 attached [pid 5800] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5798] <... clone3 resumed> => {parent_tid=[5800]}, 88) = 5800 [pid 5800] <... rseq resumed>) = 0 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], [pid 5800] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5800] rt_sigprocmask(SIG_SETMASK, [], [pid 5798] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5799] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] <... openat resumed>) = 6 [pid 5800] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5800] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 0 [pid 5798] <... futex resumed>) = 1 [pid 5799] read(6, [pid 5798] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5798] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5798] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5799] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5798] <... futex resumed>) = ? [pid 5800] +++ killed by SIGBUS +++ [pid 5799] +++ killed by SIGBUS +++ [pid 5798] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5798, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5801 attached [pid 5801] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5801 [pid 5801] <... set_robust_list resumed>) = 0 [pid 5801] chdir("./239") = 0 [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5801] setpgid(0, 0) = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5801] write(3, "1000", 4) = 4 [pid 5801] close(3) = 0 [pid 5801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5801] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5801] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5802 attached [pid 5802] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5801] <... clone3 resumed> => {parent_tid=[5802]}, 88) = 5802 [pid 5802] set_robust_list(0x7f50e61789a0, 24 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5802] <... set_robust_list resumed>) = 0 [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5802] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] <... futex resumed>) = 0 [pid 5802] memfd_create("syzkaller", 0 [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5802] <... memfd_create resumed>) = 3 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5802] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5802] close(3) = 0 [pid 5802] mkdir("./file0", 0777) = 0 [pid 5802] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5802] chdir("./file0") = 0 [pid 5802] ioctl(4, LOOP_CLR_FD) = 0 [pid 5802] close(4) = 0 [pid 5802] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... futex resumed>) = 0 [ 249.128949][ T5802] loop0: detected capacity change from 0 to 2048 [ 249.155200][ T5802] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 249.167496][ T5802] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5802] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... futex resumed>) = 0 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] ftruncate(5, 33587199) = 0 [pid 5802] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5802] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5801] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5801] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5801] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5802] <... mmap resumed>) = 0x20000000 [pid 5802] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5802] <... futex resumed>) = 0 [pid 5801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5802] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... clone3 resumed> => {parent_tid=[5803]}, 88) = 5803 ./strace-static-x86_64: Process 5803 attached [pid 5803] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] <... rseq resumed>) = 0 [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5803] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5801] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] <... futex resumed>) = 0 [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5803] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5802] read(6, [pid 5801] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5801] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5801] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5803] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5802] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5801] <... futex resumed>) = ? [pid 5803] +++ killed by SIGBUS +++ [pid 5802] +++ killed by SIGBUS +++ [pid 5801] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5801, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached , child_tidptr=0x55555720b690) = 5804 [pid 5804] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5804] chdir("./240") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5804] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5805 attached => {parent_tid=[5805]}, 88) = 5805 [pid 5805] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5805] set_robust_list(0x7f50e61789a0, 24 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... futex resumed>) = 0 [pid 5805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5805] memfd_create("syzkaller", 0) = 3 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5805] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5805] close(3) = 0 [pid 5805] mkdir("./file0", 0777) = 0 [pid 5805] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5805] chdir("./file0") = 0 [pid 5805] ioctl(4, LOOP_CLR_FD) = 0 [pid 5805] close(4) = 0 [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... futex resumed>) = 0 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... open resumed>) = 4 [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... open resumed>) = 5 [pid 5804] <... futex resumed>) = 0 [ 249.833661][ T5805] loop0: detected capacity change from 0 to 2048 [ 249.854342][ T5805] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 249.866429][ T5805] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] ftruncate(5, 33587199 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... ftruncate resumed>) = 0 [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5804] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5804] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5805] <... mmap resumed>) = 0x20000000 [pid 5804] <... mprotect resumed>) = 0 [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5805] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5806 attached [pid 5806] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5804] <... clone3 resumed> => {parent_tid=[5806]}, 88) = 5806 [pid 5806] set_robust_list(0x7f50e61579a0, 24 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5806] <... set_robust_list resumed>) = 0 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5806] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5806] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = 0 [pid 5805] read(6, [pid 5804] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5804] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5806] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = 1 [pid 5804] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5805] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5805] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5804] <... futex resumed>) = ? [pid 5806] +++ killed by SIGBUS +++ [pid 5805] +++ killed by SIGBUS +++ [pid 5804] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5804, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5807 attached , child_tidptr=0x55555720b690) = 5807 [pid 5807] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5807] chdir("./241") = 0 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5807] setpgid(0, 0) = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5807] write(3, "1000", 4) = 4 [pid 5807] close(3) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5807] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5808 attached => {parent_tid=[5808]}, 88) = 5808 [pid 5808] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], [pid 5808] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] memfd_create("syzkaller", 0 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5808] <... memfd_create resumed>) = 3 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5808] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5808] close(3) = 0 [pid 5808] mkdir("./file0", 0777) = 0 [pid 5808] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5808] chdir("./file0") = 0 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5808] close(4) = 0 [pid 5808] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... open resumed>) = 4 [pid 5808] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 250.545135][ T5808] loop0: detected capacity change from 0 to 2048 [ 250.560867][ T5808] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 250.572918][ T5808] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5808] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = 0 [pid 5807] <... futex resumed>) = 1 [pid 5808] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... open resumed>) = 5 [pid 5808] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] <... futex resumed>) = 0 [pid 5808] ftruncate(5, 33587199 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... ftruncate resumed>) = 0 [pid 5808] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5807] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5807] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5808] <... mmap resumed>) = 0x20000000 [pid 5807] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5808] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5809 attached [pid 5809] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5807] <... clone3 resumed> => {parent_tid=[5809]}, 88) = 5809 [pid 5809] <... rseq resumed>) = 0 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], [pid 5809] set_robust_list(0x7f50e61579a0, 24 [pid 5807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5809] <... set_robust_list resumed>) = 0 [pid 5807] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5809] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5807] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... futex resumed>) = 1 [pid 5807] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] read(6, [pid 5807] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5807] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5809] <... futex resumed>) = 0 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5808] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5807] <... futex resumed>) = ? [pid 5808] +++ killed by SIGBUS +++ [pid 5809] +++ killed by SIGBUS +++ [pid 5807] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5807, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5810 attached , child_tidptr=0x55555720b690) = 5810 [pid 5810] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5810] chdir("./242") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5810] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5811 attached => {parent_tid=[5811]}, 88) = 5811 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5811] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] set_robust_list(0x7f50e61789a0, 24 [pid 5810] <... futex resumed>) = 0 [pid 5811] <... set_robust_list resumed>) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5811] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] mkdir("./file0", 0777) = 0 [pid 5811] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./file0") = 0 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [ 251.200529][ T5811] loop0: detected capacity change from 0 to 2048 [ 251.227782][ T5811] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 251.239978][ T5811] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5811] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... open resumed>) = 4 [pid 5811] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5810] <... futex resumed>) = 0 [pid 5811] <... open resumed>) = 5 [pid 5811] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] ftruncate(5, 33587199 [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... ftruncate resumed>) = 0 [pid 5811] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5810] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5810] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5810] <... mprotect resumed>) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5811] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5811] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5812 attached [pid 5812] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5810] <... clone3 resumed> => {parent_tid=[5812]}, 88) = 5812 [pid 5812] set_robust_list(0x7f50e61579a0, 24 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5812] <... set_robust_list resumed>) = 0 [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5812] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 1 [pid 5810] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] read(6, [pid 5810] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5810] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5810] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5812] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5811] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5811] +++ killed by SIGBUS +++ [pid 5812] +++ killed by SIGBUS +++ [pid 5810] <... futex resumed>) = ? [pid 5810] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5810, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5813 attached , child_tidptr=0x55555720b690) = 5813 [pid 5813] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5813] chdir("./243") = 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5813] write(3, "1000", 4) = 4 [pid 5813] close(3) = 0 [pid 5813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5813] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5813] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5814 attached [pid 5814] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5814] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] <... clone3 resumed> => {parent_tid=[5814]}, 88) = 5814 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5813] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5814] memfd_create("syzkaller", 0 [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5814] <... memfd_create resumed>) = 3 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5814] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5814] close(3) = 0 [pid 5814] mkdir("./file0", 0777) = 0 [pid 5814] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5814] chdir("./file0") = 0 [ 251.899798][ T5814] loop0: detected capacity change from 0 to 2048 [ 251.925550][ T5814] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 251.937872][ T5814] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5814] ioctl(4, LOOP_CLR_FD) = 0 [pid 5814] close(4) = 0 [pid 5814] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... open resumed>) = 4 [pid 5814] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5814] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 1 [pid 5814] ftruncate(5, 33587199) = 0 [pid 5814] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5813] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5813] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5813] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5815 attached => {parent_tid=[5815]}, 88) = 5815 [pid 5815] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5815] <... rseq resumed>) = 0 [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] set_robust_list(0x7f50e61579a0, 24 [pid 5813] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5813] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5815] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5815] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5815] read(6, [pid 5813] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5813] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5813] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5816 attached [pid 5816] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5813] <... clone3 resumed> => {parent_tid=[5816]}, 88) = 5816 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5813] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... rseq resumed>) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5816] set_robust_list(0x7f50e61369a0, 24) = 0 [pid 5813] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] <... mmap resumed>) = 0x20000000 [pid 5814] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5815] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5813] <... futex resumed>) = ? [pid 5814] <... futex resumed>) = ? [pid 5815] +++ killed by SIGBUS +++ [pid 5814] +++ killed by SIGBUS +++ [pid 5816] +++ killed by SIGBUS +++ [pid 5813] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5813, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5817 attached , child_tidptr=0x55555720b690) = 5817 [pid 5817] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5817] chdir("./244") = 0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] setpgid(0, 0) = 0 [pid 5817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1000", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5817] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5818 attached [pid 5818] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5817] <... clone3 resumed> => {parent_tid=[5818]}, 88) = 5818 [pid 5818] set_robust_list(0x7f50e61789a0, 24 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... set_robust_list resumed>) = 0 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] rt_sigprocmask(SIG_SETMASK, [], [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5818] memfd_create("syzkaller", 0 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] <... memfd_create resumed>) = 3 [pid 5818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5818] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5818] close(3) = 0 [pid 5818] mkdir("./file0", 0777) = 0 [pid 5818] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5818] chdir("./file0") = 0 [pid 5818] ioctl(4, LOOP_CLR_FD) = 0 [pid 5818] close(4) = 0 [pid 5818] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... open resumed>) = 4 [pid 5818] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5818] <... futex resumed>) = 0 [pid 5818] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 252.691704][ T5818] loop0: detected capacity change from 0 to 2048 [ 252.719497][ T5818] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 252.731621][ T5818] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5818] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... futex resumed>) = 1 [pid 5818] ftruncate(5, 33587199) = 0 [pid 5818] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5818] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5817] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5817] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... mmap resumed>) = 0x20000000 [pid 5817] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5819 attached [pid 5819] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5817] <... clone3 resumed> => {parent_tid=[5819]}, 88) = 5819 [pid 5819] <... rseq resumed>) = 0 [pid 5819] set_robust_list(0x7f50e61579a0, 24 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... set_robust_list resumed>) = 0 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], [pid 5817] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5817] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... futex resumed>) = 0 [pid 5818] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5819] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5817] <... futex resumed>) = 0 [pid 5819] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... futex resumed>) = 0 [pid 5818] read(6, [pid 5817] <... futex resumed>) = 1 [pid 5817] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5817] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5817] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006f000} --- [pid 5818] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 249728 [pid 5819] +++ killed by SIGBUS +++ [pid 5818] +++ killed by SIGBUS +++ [pid 5817] <... futex resumed>) = ? [pid 5817] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5817, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached , child_tidptr=0x55555720b690) = 5820 [pid 5820] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5820] chdir("./245") = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5820] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5821 attached [pid 5821] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5820] <... clone3 resumed> => {parent_tid=[5821]}, 88) = 5821 [pid 5821] <... rseq resumed>) = 0 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] set_robust_list(0x7f50e61789a0, 24 [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... futex resumed>) = 0 [pid 5821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] memfd_create("syzkaller", 0 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... memfd_create resumed>) = 3 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5821] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5821] close(3) = 0 [pid 5821] mkdir("./file0", 0777) = 0 [pid 5821] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5821] chdir("./file0") = 0 [pid 5821] ioctl(4, LOOP_CLR_FD) = 0 [pid 5821] close(4) = 0 [pid 5821] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5821] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [ 253.375942][ T5821] loop0: detected capacity change from 0 to 2048 [ 253.392673][ T5821] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 253.404787][ T5821] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5821] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] ftruncate(5, 33587199 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... ftruncate resumed>) = 0 [pid 5821] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... futex resumed>) = 1 [pid 5821] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5820] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5820] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... mmap resumed>) = 0x20000000 [pid 5821] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5822 attached [pid 5822] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... clone3 resumed> => {parent_tid=[5822]}, 88) = 5822 [pid 5822] <... rseq resumed>) = 0 [pid 5821] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] set_robust_list(0x7f50e61579a0, 24 [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... futex resumed>) = 0 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5822] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5822] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... futex resumed>) = 0 [pid 5821] read(6, [pid 5820] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5820] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] memfd_create("syzkaller", 0) = 7 [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5822] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5822] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5822] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5822] ioctl(8, LOOP_CLR_FD) = 0 [pid 5822] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5822] close(8) = 0 [pid 5822] close(7) = 0 [pid 5822] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5822] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] exit_group(0 [pid 5822] <... futex resumed>) = ? [pid 5822] +++ exited with 0 +++ [pid 5821] <... read resumed> ) = ? [pid 5820] <... exit_group resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=55 /* 0.55 s */} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 [ 254.253604][ T11] bio_check_eod: 19 callbacks suppressed [ 254.253617][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.253617][ T11] loop0: rw=1, sector=2053, nr_sectors = 1 limit=2048 [ 254.272770][ T11] buffer_io_error: 24 callbacks suppressed [ 254.272779][ T11] Buffer I/O error on dev loop0, logical block 2053, lost async page write [ 254.287301][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.287301][ T11] loop0: rw=1, sector=2054, nr_sectors = 1 limit=2048 [ 254.300926][ T11] Buffer I/O error on dev loop0, logical block 2054, lost async page write [ 254.309522][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.309522][ T11] loop0: rw=1, sector=2055, nr_sectors = 1 limit=2048 [ 254.323119][ T11] Buffer I/O error on dev loop0, logical block 2055, lost async page write [ 254.331771][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.331771][ T11] loop0: rw=1, sector=2056, nr_sectors = 1 limit=2048 [ 254.345246][ T11] Buffer I/O error on dev loop0, logical block 2056, lost async page write [ 254.353897][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.353897][ T11] loop0: rw=1, sector=2057, nr_sectors = 1 limit=2048 [ 254.367409][ T11] Buffer I/O error on dev loop0, logical block 2057, lost async page write [ 254.376143][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.376143][ T11] loop0: rw=1, sector=2058, nr_sectors = 1 limit=2048 [ 254.389638][ T11] Buffer I/O error on dev loop0, logical block 2058, lost async page write [ 254.398325][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.398325][ T11] loop0: rw=1, sector=2059, nr_sectors = 1 limit=2048 [ 254.411823][ T11] Buffer I/O error on dev loop0, logical block 2059, lost async page write [ 254.420475][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.420475][ T11] loop0: rw=1, sector=2076, nr_sectors = 8 limit=2048 [ 254.434068][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.434068][ T11] loop0: rw=1, sector=2092, nr_sectors = 1 limit=2048 [ 254.447570][ T11] Buffer I/O error on dev loop0, logical block 2092, lost async page write [ 254.456214][ T11] kworker/u4:1: attempt to access beyond end of device [ 254.456214][ T11] loop0: rw=1, sector=2101, nr_sectors = 1 limit=2048 [ 254.469693][ T11] Buffer I/O error on dev loop0, logical block 2101, lost async page write [ 254.478352][ T11] Buffer I/O error on dev loop0, logical block 2102, lost async page write umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached , child_tidptr=0x55555720b690) = 5823 [pid 5823] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5823] chdir("./246") = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5823] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5823] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5824 attached [pid 5824] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5823] <... clone3 resumed> => {parent_tid=[5824]}, 88) = 5824 [pid 5824] set_robust_list(0x7f50e61789a0, 24 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] <... set_robust_list resumed>) = 0 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] memfd_create("syzkaller", 0 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5824] <... memfd_create resumed>) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5824] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] mkdir("./file0", 0777) = 0 [pid 5824] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5824] chdir("./file0") = 0 [pid 5824] ioctl(4, LOOP_CLR_FD) = 0 [pid 5824] close(4) = 0 [pid 5824] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 254.767994][ T5824] loop0: detected capacity change from 0 to 2048 [ 254.793972][ T5824] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 254.806328][ T5824] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5824] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... futex resumed>) = 0 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5824] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5823] <... futex resumed>) = 0 [pid 5824] <... open resumed>) = 5 [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... futex resumed>) = 1 [pid 5824] ftruncate(5, 33587199) = 0 [pid 5824] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5824] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5824] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5823] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5823] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5824] <... mmap resumed>) = 0x20000000 [pid 5823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5824] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5825 attached [pid 5825] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5823] <... clone3 resumed> => {parent_tid=[5825]}, 88) = 5825 [pid 5825] <... rseq resumed>) = 0 [pid 5825] set_robust_list(0x7f50e61579a0, 24 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... set_robust_list resumed>) = 0 [pid 5824] <... futex resumed>) = 0 [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5823] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] <... futex resumed>) = 0 [pid 5824] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5823] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... openat resumed>) = 6 [pid 5825] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5825] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = 1 [pid 5824] read(6, [pid 5823] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5823] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = 1 [pid 5823] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5825] memfd_create("syzkaller", 0) = 7 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5825] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5825] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5825] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5825] ioctl(8, LOOP_CLR_FD) = 0 [pid 5825] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5825] close(8) = 0 [pid 5825] close(7) = 0 [pid 5825] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5825] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] exit_group(0 [pid 5825] <... futex resumed>) = ? [pid 5823] <... exit_group resumed>) = ? [pid 5825] +++ exited with 0 +++ [pid 5824] <... read resumed> ) = ? [pid 5824] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=59 /* 0.59 s */} --- umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached , child_tidptr=0x55555720b690) = 5826 [pid 5826] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5826] chdir("./247") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5826] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5827 attached => {parent_tid=[5827]}, 88) = 5827 [pid 5827] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5827] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5827] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file0") = 0 [pid 5827] ioctl(4, LOOP_CLR_FD) = 0 [pid 5827] close(4) = 0 [pid 5827] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5827] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... open resumed>) = 4 [pid 5827] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... open resumed>) = 5 [ 256.044113][ T5827] loop0: detected capacity change from 0 to 2048 [ 256.060202][ T5827] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 256.072283][ T5827] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5827] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] ftruncate(5, 33587199) = 0 [pid 5827] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5826] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5826] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5827] <... mmap resumed>) = 0x20000000 [pid 5826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5828 attached [pid 5828] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5826] <... clone3 resumed> => {parent_tid=[5828]}, 88) = 5828 [pid 5828] <... rseq resumed>) = 0 [pid 5828] set_robust_list(0x7f50e61579a0, 24 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] <... set_robust_list resumed>) = 0 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5827] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] <... openat resumed>) = 6 [pid 5828] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5826] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5827] read(6, [pid 5826] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5826] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5826] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5827] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5826] <... futex resumed>) = ? [pid 5827] +++ killed by SIGBUS +++ [pid 5828] +++ killed by SIGBUS +++ [pid 5826] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5826, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x55555720b690) = 5829 [pid 5829] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5829] chdir("./248") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5829] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5830 attached [pid 5830] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5830]}, 88) = 5830 [pid 5830] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5830] memfd_create("syzkaller", 0 [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... memfd_create resumed>) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5830] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] mkdir("./file0", 0777) = 0 [pid 5830] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file0") = 0 [pid 5830] ioctl(4, LOOP_CLR_FD) = 0 [ 256.776342][ T5830] loop0: detected capacity change from 0 to 2048 [ 256.802204][ T5830] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 256.814234][ T5830] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5830] close(4) = 0 [pid 5830] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5830] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... open resumed>) = 4 [pid 5830] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5830] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5830] ftruncate(5, 33587199 [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ftruncate resumed>) = 0 [pid 5830] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5830] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5829] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] <... mmap resumed>) = 0x20000000 [pid 5830] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] set_robust_list(0x7f50e61579a0, 24 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... set_robust_list resumed>) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5831] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5830] read(6, [pid 5829] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5829] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5830] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5829] <... futex resumed>) = ? [pid 5831] +++ killed by SIGBUS +++ [pid 5830] +++ killed by SIGBUS +++ [pid 5829] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5829, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x55555720b690) = 5832 [pid 5832] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5832] chdir("./249") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5832] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] <... rseq resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] set_robust_list(0x7f50e61789a0, 24 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... futex resumed>) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5833] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] mkdir("./file0", 0777) = 0 [pid 5833] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] chdir("./file0") = 0 [pid 5833] ioctl(4, LOOP_CLR_FD) = 0 [pid 5833] close(4) = 0 [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5833] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... open resumed>) = 4 [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... open resumed>) = 5 [ 257.499061][ T5833] loop0: detected capacity change from 0 to 2048 [ 257.524919][ T5833] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 257.536983][ T5833] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] ftruncate(5, 33587199 [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... ftruncate resumed>) = 0 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5832] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... mmap resumed>) = 0x20000000 [pid 5832] <... mprotect resumed>) = 0 [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5834 attached [pid 5834] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5832] <... clone3 resumed> => {parent_tid=[5834]}, 88) = 5834 [pid 5834] <... rseq resumed>) = 0 [pid 5834] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5832] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5834] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] read(6, [pid 5832] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5832] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5833] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5833] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5832] <... futex resumed>) = ? [pid 5834] +++ killed by SIGBUS +++ [pid 5833] +++ killed by SIGBUS +++ [pid 5832] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5832, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached , child_tidptr=0x55555720b690) = 5835 [pid 5835] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5835] chdir("./250") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5835] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5836 attached [pid 5836] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5836] set_robust_list(0x7f50e61789a0, 24 [pid 5835] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] memfd_create("syzkaller", 0 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5836] <... memfd_create resumed>) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5836] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] mkdir("./file0", 0777) = 0 [pid 5836] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file0") = 0 [pid 5836] ioctl(4, LOOP_CLR_FD) = 0 [pid 5836] close(4) = 0 [pid 5836] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... open resumed>) = 4 [pid 5836] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5836] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... open resumed>) = 5 [pid 5836] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] ftruncate(5, 33587199 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... ftruncate resumed>) = 0 [pid 5836] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [ 258.206711][ T5836] loop0: detected capacity change from 0 to 2048 [ 258.222843][ T5836] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 258.235064][ T5836] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5836] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5835] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5835] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5835] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5837] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... mmap resumed>) = 0x20000000 [pid 5837] <... futex resumed>) = 1 [pid 5836] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... futex resumed>) = 0 [pid 5836] read(6, [pid 5835] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5835] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5835] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5836] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5835] <... futex resumed>) = ? [pid 5837] +++ killed by SIGBUS +++ [pid 5836] +++ killed by SIGBUS +++ [pid 5835] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5835, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x55555720b690) = 5838 [pid 5838] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5838] chdir("./251") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5838] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5839 attached => {parent_tid=[5839]}, 88) = 5839 [pid 5839] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5839] set_robust_list(0x7f50e61789a0, 24 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5839] memfd_create("syzkaller", 0 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] <... memfd_create resumed>) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5839] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [pid 5839] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file0") = 0 [pid 5839] ioctl(4, LOOP_CLR_FD) = 0 [pid 5839] close(4) = 0 [pid 5839] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... open resumed>) = 4 [pid 5839] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... open resumed>) = 5 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] ftruncate(5, 33587199 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... ftruncate resumed>) = 0 [pid 5839] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5838] <... futex resumed>) = 0 [ 258.869982][ T5839] loop0: detected capacity change from 0 to 2048 [ 258.897251][ T5839] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 258.909758][ T5839] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5838] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] <... mmap resumed>) = 0x20000000 [pid 5839] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5839] <... futex resumed>) = 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] <... rseq resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] set_robust_list(0x7f50e61579a0, 24 [pid 5839] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... set_robust_list resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5840] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5838] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5840] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... futex resumed>) = 0 [pid 5839] read(6, [pid 5838] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5838] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5840] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5839] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5838] <... futex resumed>) = ? [pid 5839] +++ killed by SIGBUS +++ [pid 5840] +++ killed by SIGBUS +++ [pid 5838] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5838, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x55555720b690) = 5841 [pid 5841] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5841] chdir("./252") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5841] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] set_robust_list(0x7f50e61789a0, 24 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] <... futex resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] <... memfd_create resumed>) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5842] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] close(3) = 0 [pid 5842] mkdir("./file0", 0777) = 0 [pid 5842] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file0") = 0 [pid 5842] ioctl(4, LOOP_CLR_FD) = 0 [pid 5842] close(4) = 0 [pid 5842] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5842] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... open resumed>) = 4 [pid 5842] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5842] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... open resumed>) = 5 [pid 5842] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 259.595799][ T5842] loop0: detected capacity change from 0 to 2048 [ 259.623406][ T5842] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 259.635267][ T5842] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5842] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5842] ftruncate(5, 33587199 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... ftruncate resumed>) = 0 [pid 5842] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = 1 [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5841] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5841] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] <... mmap resumed>) = 0x20000000 [pid 5842] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5842] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5843] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5843] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5842] read(6, [pid 5841] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5841] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5841] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5842] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5841] <... futex resumed>) = ? [pid 5843] +++ killed by SIGBUS +++ [pid 5842] +++ killed by SIGBUS +++ [pid 5841] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5841, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x55555720b690) = 5844 [pid 5844] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5844] chdir("./253") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5844] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5845 attached [pid 5845] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] <... clone3 resumed> => {parent_tid=[5845]}, 88) = 5845 [pid 5845] set_robust_list(0x7f50e61789a0, 24 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... futex resumed>) = 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] <... memfd_create resumed>) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5845] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] mkdir("./file0", 0777) = 0 [pid 5845] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file0") = 0 [pid 5845] ioctl(4, LOOP_CLR_FD) = 0 [pid 5845] close(4) = 0 [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5845] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... open resumed>) = 4 [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 0 [pid 5845] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [ 260.292545][ T5845] loop0: detected capacity change from 0 to 2048 [ 260.307032][ T5845] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 260.319303][ T5845] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5845] ftruncate(5, 33587199 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... ftruncate resumed>) = 0 [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5844] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5845] <... mmap resumed>) = 0x20000000 [pid 5844] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5846 attached [pid 5844] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5846] set_robust_list(0x7f50e61579a0, 24 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] <... set_robust_list resumed>) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5846] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5846] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5844] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] read(6, [pid 5844] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5844] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 5845] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 5845] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5844] <... futex resumed>) = ? [pid 5846] +++ killed by SIGBUS +++ [pid 5845] +++ killed by SIGBUS +++ [pid 5844] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5844, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x55555720b690) = 5847 [pid 5847] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5847] chdir("./254") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5847] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5848 attached [pid 5848] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5847] <... clone3 resumed> => {parent_tid=[5848]}, 88) = 5848 [pid 5848] set_robust_list(0x7f50e61789a0, 24 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... set_robust_list resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] memfd_create("syzkaller", 0 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] <... memfd_create resumed>) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5848] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] mkdir("./file0", 0777) = 0 [pid 5848] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./file0") = 0 [pid 5848] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] close(4) = 0 [pid 5848] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 260.934820][ T5848] loop0: detected capacity change from 0 to 2048 [ 260.960594][ T5848] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 260.972289][ T5848] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5848] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 0 [pid 5848] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5848] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 1 [pid 5848] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5848] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 1 [pid 5848] ftruncate(5, 33587199) = 0 [pid 5848] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 1 [pid 5848] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5847] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5847] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5847] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5847] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] <... rseq resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] set_robust_list(0x7f50e61579a0, 24 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5847] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... futex resumed>) = 0 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5849] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5849] read(6, [pid 5847] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5847] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6116000 [pid 5847] mprotect(0x7f50e6117000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6136990, parent_tid=0x7f50e6136990, exit_signal=0, stack=0x7f50e6116000, stack_size=0x20300, tls=0x7f50e61366c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f50e6136fe0, 0x20, 0, 0x53053053 [pid 5847] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] <... rseq resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] set_robust_list(0x7f50e61369a0, 24 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5847] futex(0x7f50e62636e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... futex resumed>) = 0 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] futex(0x7f50e62636ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] <... mmap resumed>) = 0x20000000 [pid 5848] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] memfd_create("syzkaller", 0) = 7 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd16000 [pid 5850] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5850] munmap(0x7f50ddd16000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5850] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5850] ioctl(8, LOOP_CLR_FD) = 0 [pid 5850] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5850] close(8) = 0 [pid 5850] close(7) = 0 [pid 5850] futex(0x7f50e62636ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f50e62636e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... futex resumed>) = 0 [pid 5847] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5848] <... futex resumed>) = ? [pid 5847] <... exit_group resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ [pid 5849] <... read resumed> ) = ? [pid 5849] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=78 /* 0.78 s */} --- umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5851] chdir("./255" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5851 [pid 5851] <... chdir resumed>) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5851] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5852 attached => {parent_tid=[5852]}, 88) = 5852 [pid 5852] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] <... rseq resumed>) = 0 [pid 5852] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] <... memfd_create resumed>) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5852] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] close(4) = 0 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 262.393932][ T5852] loop0: detected capacity change from 0 to 2048 [ 262.418984][ T5852] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 262.431199][ T5852] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... open resumed>) = 4 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5852] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... open resumed>) = 5 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] ftruncate(5, 33587199) = 0 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5852] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5851] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5851] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5852] <... mmap resumed>) = 0x20000000 [pid 5851] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5851] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] <... rseq resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] set_robust_list(0x7f50e61579a0, 24 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5853] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5852] read(6, [pid 5851] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5851] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5851] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5852] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5852] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5851] <... futex resumed>) = ? [pid 5853] +++ killed by SIGBUS +++ [pid 5852] +++ killed by SIGBUS +++ [pid 5851] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5851, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x55555720b690) = 5854 [pid 5854] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5854] chdir("./256") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5854] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] <... rseq resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] set_robust_list(0x7f50e61789a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... futex resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5855] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file0") = 0 [pid 5855] ioctl(4, LOOP_CLR_FD) = 0 [pid 5855] close(4) = 0 [pid 5855] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5855] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... open resumed>) = 5 [ 263.175387][ T5855] loop0: detected capacity change from 0 to 2048 [ 263.189928][ T5855] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 263.201977][ T5855] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5855] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] ftruncate(5, 33587199 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... ftruncate resumed>) = 0 [pid 5855] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5854] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5855] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5854] <... clone3 resumed> => {parent_tid=[5856]}, 88) = 5856 [pid 5856] set_robust_list(0x7f50e61579a0, 24 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5856] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5856] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5855] read(6, [pid 5854] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 1 [pid 5854] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5856] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5854] <... futex resumed>) = ? [pid 5855] <... read resumed> ) = ? [pid 5856] +++ killed by SIGBUS +++ [pid 5855] +++ killed by SIGBUS +++ [pid 5854] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5854, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached , child_tidptr=0x55555720b690) = 5857 [pid 5857] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5857] chdir("./257") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5857] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5857] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5858] <... rseq resumed>) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] set_robust_list(0x7f50e61789a0, 24 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... futex resumed>) = 0 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5858] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] ioctl(4, LOOP_CLR_FD) = 0 [pid 5858] close(4) = 0 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [ 263.800811][ T5858] loop0: detected capacity change from 0 to 2048 [ 263.828719][ T5858] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 263.840749][ T5858] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] <... open resumed>) = 5 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5858] ftruncate(5, 33587199 [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] <... ftruncate resumed>) = 0 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5858] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5857] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5859 attached [pid 5859] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5858] <... mmap resumed>) = 0x20000000 [pid 5857] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5859] <... rseq resumed>) = 0 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] set_robust_list(0x7f50e61579a0, 24 [pid 5858] <... futex resumed>) = 0 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5858] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... futex resumed>) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5859] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5859] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5858] read(6, [pid 5857] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5857] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5858] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5858] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5857] <... futex resumed>) = ? [pid 5859] +++ killed by SIGBUS +++ [pid 5858] +++ killed by SIGBUS +++ [pid 5857] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5857, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x55555720b690) = 5860 [pid 5860] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5860] chdir("./258") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5860] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5860] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] set_robust_list(0x7f50e61789a0, 24 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] <... set_robust_list resumed>) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] memfd_create("syzkaller", 0 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... memfd_create resumed>) = 3 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5861] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] mkdir("./file0", 0777) = 0 [pid 5861] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file0") = 0 [pid 5861] ioctl(4, LOOP_CLR_FD) = 0 [pid 5861] close(4) = 0 [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... open resumed>) = 5 [ 264.529405][ T5861] loop0: detected capacity change from 0 to 2048 [ 264.539739][ T5861] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 264.552000][ T5861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] ftruncate(5, 33587199) = 0 [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5860] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5860] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] <... mmap resumed>) = 0x20000000 [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5861] <... futex resumed>) = 0 [pid 5860] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5861] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5862 attached [pid 5862] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5860] <... clone3 resumed> => {parent_tid=[5862]}, 88) = 5862 [pid 5862] <... rseq resumed>) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] set_robust_list(0x7f50e61579a0, 24 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5860] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... futex resumed>) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5862] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5862] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5861] read(6, [pid 5860] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5860] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5862] <... futex resumed>) = 0 [pid 5862] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5861] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5861] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5862] +++ killed by SIGBUS +++ [pid 5861] +++ killed by SIGBUS +++ [pid 5860] <... futex resumed>) = ? [pid 5860] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5860, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x55555720b690) = 5863 [pid 5863] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5863] chdir("./259") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5863] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5864 attached => {parent_tid=[5864]}, 88) = 5864 [pid 5864] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] <... rseq resumed>) = 0 [pid 5864] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5864] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [pid 5864] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./file0") = 0 [pid 5864] ioctl(4, LOOP_CLR_FD) = 0 [pid 5864] close(4) = 0 [pid 5864] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 265.302010][ T5864] loop0: detected capacity change from 0 to 2048 [ 265.328490][ T5864] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 265.340456][ T5864] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5864] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... open resumed>) = 4 [pid 5864] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] <... futex resumed>) = 0 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... open resumed>) = 5 [pid 5864] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] ftruncate(5, 33587199 [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] <... ftruncate resumed>) = 0 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5863] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] <... mmap resumed>) = 0x20000000 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5864] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5863] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] <... rseq resumed>) = 0 [pid 5864] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5865] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5865] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5865] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] read(6, [pid 5863] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5863] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5864] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5864] ???() = ? [pid 5863] <... futex resumed>) = ? [pid 5865] +++ killed by SIGBUS +++ [pid 5864] +++ killed by SIGBUS +++ [pid 5863] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5863, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached , child_tidptr=0x55555720b690) = 5866 [pid 5866] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5866] chdir("./260") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5866] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5866] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] set_robust_list(0x7f50e61789a0, 24 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] <... futex resumed>) = 0 [pid 5867] memfd_create("syzkaller", 0 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... memfd_create resumed>) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5867] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5867] close(4) = 0 [pid 5867] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5867] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... open resumed>) = 5 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ftruncate(5, 33587199 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... ftruncate resumed>) = 0 [pid 5867] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... futex resumed>) = 1 [ 266.048471][ T5867] loop0: detected capacity change from 0 to 2048 [ 266.058795][ T5867] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 266.071458][ T5867] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5867] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5866] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] <... mmap resumed>) = 0x20000000 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5867] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5867] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5868 attached [pid 5867] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] set_robust_list(0x7f50e61579a0, 24 [pid 5866] <... clone3 resumed> => {parent_tid=[5868]}, 88) = 5868 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5868] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5868] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] read(6, [pid 5866] <... futex resumed>) = 1 [pid 5866] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5866] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5867] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5866] <... futex resumed>) = ? [pid 5868] +++ killed by SIGBUS +++ [pid 5867] +++ killed by SIGBUS +++ [pid 5866] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5866, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x55555720b690) = 5869 [pid 5869] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5869] chdir("./261") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5869] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5869] <... clone3 resumed> => {parent_tid=[5870]}, 88) = 5870 [pid 5870] <... rseq resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] set_robust_list(0x7f50e61789a0, 24 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... futex resumed>) = 0 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5870] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] mkdir("./file0", 0777) = 0 [pid 5870] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./file0") = 0 [pid 5870] ioctl(4, LOOP_CLR_FD) = 0 [pid 5870] close(4) = 0 [pid 5870] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... open resumed>) = 4 [pid 5870] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5870] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] ftruncate(5, 33587199 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... ftruncate resumed>) = 0 [pid 5870] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5870] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 266.752675][ T5870] loop0: detected capacity change from 0 to 2048 [ 266.763642][ T5870] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 266.775864][ T5870] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5869] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5869] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5871] set_robust_list(0x7f50e61579a0, 24 [pid 5869] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5871] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mmap resumed>) = 0x20000000 [pid 5871] <... futex resumed>) = 1 [pid 5870] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5871] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5870] read(6, [pid 5869] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5869] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5870] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5871] +++ killed by SIGBUS +++ [pid 5870] +++ killed by SIGBUS +++ [pid 5869] <... futex resumed>) = ? [pid 5869] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5869, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x55555720b690) = 5872 [pid 5872] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5872] chdir("./262") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5872] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] memfd_create("syzkaller", 0 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... memfd_create resumed>) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5873] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] mkdir("./file0", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file0") = 0 [pid 5873] ioctl(4, LOOP_CLR_FD) = 0 [pid 5873] close(4) = 0 [pid 5873] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = 0 [ 267.556084][ T5873] loop0: detected capacity change from 0 to 2048 [ 267.571904][ T5873] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 267.583978][ T5873] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5873] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5873] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] ftruncate(5, 33587199 [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... ftruncate resumed>) = 0 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5873] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] <... mmap resumed>) = 0x20000000 [pid 5872] <... mmap resumed>) = 0x7f50e6137000 [pid 5873] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5873] <... futex resumed>) = 0 [pid 5872] <... mprotect resumed>) = 0 [pid 5873] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] <... rseq resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] set_robust_list(0x7f50e61579a0, 24 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5872] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... futex resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5874] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5874] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] read(6, [pid 5872] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5872] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5873] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5873] +++ killed by SIGBUS +++ [pid 5872] <... futex resumed>) = ? [pid 5874] +++ killed by SIGBUS +++ [pid 5872] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5872, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x55555720b690) = 5875 [pid 5875] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5875] chdir("./263") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5875] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5876 attached => {parent_tid=[5876]}, 88) = 5876 [pid 5876] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... rseq resumed>) = 0 [pid 5876] set_robust_list(0x7f50e61789a0, 24 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5876] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [pid 5876] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [pid 5876] ioctl(4, LOOP_CLR_FD) = 0 [pid 5876] close(4) = 0 [pid 5876] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5876] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5875] <... futex resumed>) = 0 [pid 5876] <... open resumed>) = 5 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 268.422911][ T5876] loop0: detected capacity change from 0 to 2048 [ 268.433570][ T5876] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 268.445763][ T5876] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5876] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] ftruncate(5, 33587199 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... ftruncate resumed>) = 0 [pid 5876] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5875] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5875] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5875] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5876] <... mmap resumed>) = 0x20000000 [pid 5875] <... mprotect resumed>) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5876] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5876] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5875] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] set_robust_list(0x7f50e61579a0, 24 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5877] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5877] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5875] <... futex resumed>) = 1 [pid 5876] read(6, [pid 5875] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5875] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5875] <... futex resumed>) = 1 [pid 5875] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5876] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5875] <... futex resumed>) = ? [pid 5877] +++ killed by SIGBUS +++ [pid 5876] +++ killed by SIGBUS +++ [pid 5875] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5875, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5878] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5878 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5878] chdir("./264") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5878] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5878] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5879] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5878] <... futex resumed>) = 1 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5879] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [ 269.092910][ T5879] loop0: detected capacity change from 0 to 2048 [ 269.123846][ T5879] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5879] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] ioctl(4, LOOP_CLR_FD) = 0 [pid 5879] close(4) = 0 [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... open resumed>) = 4 [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5878] <... futex resumed>) = 1 [pid 5879] <... open resumed>) = 5 [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] ftruncate(5, 33587199 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... ftruncate resumed>) = 0 [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5878] <... futex resumed>) = 0 [ 269.135880][ T5879] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5878] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] <... mmap resumed>) = 0x20000000 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5880 attached => {parent_tid=[5880]}, 88) = 5880 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5880] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5878] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] set_robust_list(0x7f50e61579a0, 24 [pid 5878] <... futex resumed>) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5878] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5880] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5880] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] read(6, [pid 5878] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5879] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5879] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5879] +++ killed by SIGBUS +++ [pid 5878] <... futex resumed>) = ? [pid 5880] +++ killed by SIGBUS +++ [pid 5878] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5878, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x55555720b690) = 5881 [pid 5881] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5881] chdir("./265") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5881] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5882 attached [pid 5882] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5881] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5882] <... rseq resumed>) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] set_robust_list(0x7f50e61789a0, 24 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] <... futex resumed>) = 0 [pid 5882] memfd_create("syzkaller", 0 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] <... memfd_create resumed>) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5882] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] mkdir("./file0", 0777) = 0 [pid 5882] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file0") = 0 [pid 5882] ioctl(4, LOOP_CLR_FD) = 0 [pid 5882] close(4) = 0 [pid 5882] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5881] <... futex resumed>) = 0 [ 269.782719][ T5882] loop0: detected capacity change from 0 to 2048 [ 269.799572][ T5882] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 269.811688][ T5882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5882] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5881] <... futex resumed>) = 1 [pid 5882] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... open resumed>) = 5 [pid 5882] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] ftruncate(5, 33587199) = 0 [pid 5882] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5881] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] <... mmap resumed>) = 0x20000000 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5882] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5883 attached [pid 5883] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5881] <... clone3 resumed> => {parent_tid=[5883]}, 88) = 5883 [pid 5883] <... rseq resumed>) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] set_robust_list(0x7f50e61579a0, 24 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] <... set_robust_list resumed>) = 0 [pid 5881] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5883] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5883] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] read(6, [pid 5881] <... futex resumed>) = 1 [pid 5881] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5881] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5883] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5882] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5881] <... futex resumed>) = ? [pid 5883] +++ killed by SIGBUS +++ [pid 5882] +++ killed by SIGBUS +++ [pid 5881] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5881, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x55555720b690) = 5884 [pid 5884] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5884] chdir("./266") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5884] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5884] <... clone3 resumed> => {parent_tid=[5885]}, 88) = 5885 [pid 5885] set_robust_list(0x7f50e61789a0, 24 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... set_robust_list resumed>) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5885] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] mkdir("./file0", 0777) = 0 [pid 5885] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file0") = 0 [pid 5885] ioctl(4, LOOP_CLR_FD) = 0 [pid 5885] close(4) = 0 [pid 5885] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... open resumed>) = 4 [pid 5885] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5884] <... futex resumed>) = 0 [pid 5885] <... open resumed>) = 5 [ 270.573561][ T5885] loop0: detected capacity change from 0 to 2048 [ 270.599568][ T5885] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 270.611913][ T5885] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] ftruncate(5, 33587199 [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... ftruncate resumed>) = 0 [pid 5885] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5884] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5884] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5885] <... mmap resumed>) = 0x20000000 [pid 5885] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... mprotect resumed>) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5884] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5886] <... rseq resumed>) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] set_robust_list(0x7f50e61579a0, 24 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5884] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... futex resumed>) = 0 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5886] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5886] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] read(6, [pid 5884] <... futex resumed>) = 1 [pid 5884] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5884] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5884] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5886] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5885] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5884] <... futex resumed>) = ? [pid 5886] +++ killed by SIGBUS +++ [pid 5885] +++ killed by SIGBUS +++ [pid 5884] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5884, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x55555720b690) = 5887 [pid 5887] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5887] chdir("./267") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5887] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5888 attached => {parent_tid=[5888]}, 88) = 5888 [pid 5888] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] <... rseq resumed>) = 0 [pid 5888] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5888] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] mkdir("./file0", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file0") = 0 [pid 5888] ioctl(4, LOOP_CLR_FD) = 0 [pid 5888] close(4) = 0 [pid 5888] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... futex resumed>) = 0 [ 271.333322][ T5888] loop0: detected capacity change from 0 to 2048 [ 271.354619][ T5888] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 271.366744][ T5888] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5888] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5887] <... futex resumed>) = 1 [pid 5888] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... open resumed>) = 5 [pid 5888] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] ftruncate(5, 33587199 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... ftruncate resumed>) = 0 [pid 5888] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] <... mmap resumed>) = 0x20000000 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5888] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... mmap resumed>) = 0x7f50e6137000 [pid 5887] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5887] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] <... rseq resumed>) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] set_robust_list(0x7f50e61579a0, 24 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5887] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] <... futex resumed>) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5889] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5889] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... futex resumed>) = 0 [pid 5888] read(6, [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5887] <... futex resumed>) = 1 [pid 5887] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5888] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5888] ???( [pid 5887] <... futex resumed>) = ? [pid 5888] <... ??? resumed>) = ? [pid 5888] +++ killed by SIGBUS +++ [pid 5889] +++ killed by SIGBUS +++ [pid 5887] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5887, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached , child_tidptr=0x55555720b690) = 5890 [pid 5890] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5890] chdir("./268") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5890] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5891 attached [pid 5891] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5890] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5891] set_robust_list(0x7f50e61789a0, 24 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] <... memfd_create resumed>) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5891] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] mkdir("./file0", 0777) = 0 [pid 5891] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file0") = 0 [pid 5891] ioctl(4, LOOP_CLR_FD) = 0 [pid 5891] close(4) = 0 [pid 5891] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5891] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5890] <... futex resumed>) = 1 [pid 5891] <... open resumed>) = 5 [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] ftruncate(5, 33587199 [pid 5890] <... futex resumed>) = 0 [ 272.034366][ T5891] loop0: detected capacity change from 0 to 2048 [ 272.050237][ T5891] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 272.062462][ T5891] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... ftruncate resumed>) = 0 [pid 5891] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5890] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5890] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5891] <... mmap resumed>) = 0x20000000 [pid 5891] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5892 attached => {parent_tid=[5892]}, 88) = 5892 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5890] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5892] set_robust_list(0x7f50e61579a0, 24 [pid 5890] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... set_robust_list resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5892] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5890] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] read(6, [pid 5890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5890] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = 1 [pid 5890] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5892] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5891] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 5890] <... futex resumed>) = ? [pid 5891] +++ killed by SIGBUS +++ [pid 5892] +++ killed by SIGBUS +++ [pid 5890] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5890, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x55555720b690) = 5893 [pid 5893] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5893] chdir("./269") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5893] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5894 attached => {parent_tid=[5894]}, 88) = 5894 [pid 5894] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5894] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] memfd_create("syzkaller", 0 [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] <... memfd_create resumed>) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5894] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] mkdir("./file0", 0777) = 0 [pid 5894] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./file0") = 0 [pid 5894] ioctl(4, LOOP_CLR_FD) = 0 [pid 5894] close(4) = 0 [pid 5894] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 272.821763][ T5894] loop0: detected capacity change from 0 to 2048 [ 272.842430][ T5894] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 272.854431][ T5894] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5893] <... futex resumed>) = 0 [pid 5894] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... open resumed>) = 4 [pid 5894] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5893] <... futex resumed>) = 0 [pid 5894] <... open resumed>) = 5 [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5894] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5894] ftruncate(5, 33587199 [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... ftruncate resumed>) = 0 [pid 5894] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5894] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5894] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5893] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5894] <... mmap resumed>) = 0x20000000 [pid 5893] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5893] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] <... rseq resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] set_robust_list(0x7f50e61579a0, 24 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5895] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5895] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] read(6, [pid 5893] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5893] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5894] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5893] <... futex resumed>) = ? [pid 5895] +++ killed by SIGBUS +++ [pid 5894] +++ killed by SIGBUS +++ [pid 5893] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5893, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5896 attached [pid 5896] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5896 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5896] chdir("./270") = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5896] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5897 attached [pid 5897] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5896] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] <... rseq resumed>) = 0 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] set_robust_list(0x7f50e61789a0, 24 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] <... futex resumed>) = 0 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5897] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] mkdir("./file0", 0777) = 0 [pid 5897] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file0") = 0 [pid 5897] ioctl(4, LOOP_CLR_FD) = 0 [pid 5897] close(4) = 0 [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 273.536606][ T5897] loop0: detected capacity change from 0 to 2048 [ 273.563216][ T5897] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 273.575577][ T5897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5897] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5897] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] ftruncate(5, 33587199 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... ftruncate resumed>) = 0 [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5897] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] <... futex resumed>) = 0 [pid 5897] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5896] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5896] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5898 attached [pid 5898] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5896] <... clone3 resumed> => {parent_tid=[5898]}, 88) = 5898 [pid 5898] <... rseq resumed>) = 0 [pid 5897] <... mmap resumed>) = 0x20000000 [pid 5898] set_robust_list(0x7f50e61579a0, 24 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... set_robust_list resumed>) = 0 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5898] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5898] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] read(6, [pid 5896] <... futex resumed>) = 1 [pid 5896] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5896] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5896] <... futex resumed>) = 1 [pid 5896] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5897] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5897] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5896] <... futex resumed>) = ? [pid 5897] +++ killed by SIGBUS +++ [pid 5898] +++ killed by SIGBUS +++ [pid 5896] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5896, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached , child_tidptr=0x55555720b690) = 5899 [pid 5899] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5899] chdir("./271") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5899] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5900 attached [pid 5900] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5899] <... clone3 resumed> => {parent_tid=[5900]}, 88) = 5900 [pid 5900] <... rseq resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] set_robust_list(0x7f50e61789a0, 24 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5900] memfd_create("syzkaller", 0 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5900] <... memfd_create resumed>) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5900] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] mkdir("./file0", 0777) = 0 [pid 5900] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./file0") = 0 [pid 5900] ioctl(4, LOOP_CLR_FD) = 0 [pid 5900] close(4) = 0 [pid 5900] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5900] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5900] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... open resumed>) = 5 [pid 5900] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] ftruncate(5, 33587199 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... ftruncate resumed>) = 0 [ 274.229330][ T5900] loop0: detected capacity change from 0 to 2048 [ 274.245069][ T5900] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 274.257111][ T5900] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5900] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5899] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5900] <... mmap resumed>) = 0x20000000 [pid 5899] <... mprotect resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5900] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5900] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5901 attached [pid 5901] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5901] set_robust_list(0x7f50e61579a0, 24 [pid 5899] <... clone3 resumed> => {parent_tid=[5901]}, 88) = 5901 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5901] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5899] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] read(6, [pid 5899] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5899] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5900] <... read resumed> ) = ? [pid 5899] <... futex resumed>) = ? [pid 5901] +++ killed by SIGBUS +++ [pid 5900] +++ killed by SIGBUS +++ [pid 5899] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5899, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5902 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5902] chdir("./272") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5902] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5902] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5902] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] <... rseq resumed>) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] set_robust_list(0x7f50e61789a0, 24 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] <... futex resumed>) = 0 [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5903] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] mkdir("./file0", 0777) = 0 [pid 5903] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file0") = 0 [pid 5903] ioctl(4, LOOP_CLR_FD) = 0 [pid 5903] close(4) = 0 [pid 5903] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 274.959171][ T5903] loop0: detected capacity change from 0 to 2048 [ 274.975199][ T5903] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 274.987345][ T5903] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5903] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5903] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5902] <... futex resumed>) = 1 [pid 5903] <... open resumed>) = 5 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] ftruncate(5, 33587199) = 0 [pid 5903] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5903] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5902] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5902] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5903] <... mmap resumed>) = 0x20000000 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5903] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5904 attached ) = 0 [pid 5902] <... clone3 resumed> => {parent_tid=[5904]}, 88) = 5904 [pid 5904] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] <... rseq resumed>) = 0 [pid 5903] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] set_robust_list(0x7f50e61579a0, 24 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] <... set_robust_list resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5904] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5903] read(6, [pid 5902] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5902] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5902] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5904] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5903] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5902] <... futex resumed>) = ? [pid 5904] +++ killed by SIGBUS +++ [pid 5903] +++ killed by SIGBUS +++ [pid 5902] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5902, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached , child_tidptr=0x55555720b690) = 5905 [pid 5905] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5905] chdir("./273") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5905] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5905] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] <... rseq resumed>) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] set_robust_list(0x7f50e61789a0, 24 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] <... set_robust_list resumed>) = 0 [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... futex resumed>) = 0 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5906] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] mkdir("./file0", 0777) = 0 [pid 5906] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file0") = 0 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [pid 5906] close(4) = 0 [pid 5906] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5906] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... open resumed>) = 4 [ 275.632457][ T5906] loop0: detected capacity change from 0 to 2048 [ 275.658253][ T5906] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 275.670520][ T5906] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5906] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5906] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... open resumed>) = 5 [pid 5906] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] ftruncate(5, 33587199 [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... ftruncate resumed>) = 0 [pid 5906] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5906] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5905] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5905] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] <... mmap resumed>) = 0x20000000 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5906] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5906] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5905] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] <... rseq resumed>) = 0 [pid 5907] set_robust_list(0x7f50e61579a0, 24 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... set_robust_list resumed>) = 0 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5905] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5907] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5907] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5905] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] read(6, [pid 5905] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5905] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5905] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5906] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5906] +++ killed by SIGBUS +++ [pid 5905] <... futex resumed>) = ? [pid 5907] +++ killed by SIGBUS +++ [pid 5905] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5905, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached , child_tidptr=0x55555720b690) = 5908 [pid 5908] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5908] chdir("./274") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5908] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5908] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] memfd_create("syzkaller", 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5909] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] mkdir("./file0", 0777) = 0 [pid 5909] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file0") = 0 [pid 5909] ioctl(4, LOOP_CLR_FD) = 0 [pid 5909] close(4) = 0 [pid 5909] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5908] <... futex resumed>) = 0 [pid 5909] <... open resumed>) = 4 [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5908] <... futex resumed>) = 0 [pid 5909] <... open resumed>) = 5 [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] ftruncate(5, 33587199 [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] <... ftruncate resumed>) = 0 [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] <... futex resumed>) = 0 [pid 5909] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 276.336396][ T5909] loop0: detected capacity change from 0 to 2048 [ 276.352126][ T5909] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 276.364212][ T5909] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5908] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5908] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5910 attached [pid 5910] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5908] <... clone3 resumed> => {parent_tid=[5910]}, 88) = 5910 [pid 5910] <... rseq resumed>) = 0 [pid 5910] set_robust_list(0x7f50e61579a0, 24 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... set_robust_list resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5909] <... mmap resumed>) = 0x20000000 [pid 5909] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... openat resumed>) = 6 [pid 5910] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5910] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5909] read(6, [pid 5908] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5908] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 0 [pid 5910] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5909] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5910] +++ killed by SIGBUS +++ [pid 5908] <... futex resumed>) = ? [pid 5909] +++ killed by SIGBUS +++ [pid 5908] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5908, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x55555720b690) = 5911 [pid 5911] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5911] chdir("./275") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5911] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5911] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] <... rseq resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] set_robust_list(0x7f50e61789a0, 24 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5912] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] mkdir("./file0", 0777) = 0 [pid 5912] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./file0") = 0 [pid 5912] ioctl(4, LOOP_CLR_FD) = 0 [pid 5912] close(4) = 0 [pid 5912] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5912] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5912] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 276.991898][ T5912] loop0: detected capacity change from 0 to 2048 [ 277.008816][ T5912] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 277.021060][ T5912] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... open resumed>) = 5 [pid 5912] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] ftruncate(5, 33587199 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... ftruncate resumed>) = 0 [pid 5912] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5911] <... futex resumed>) = 0 [pid 5912] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5911] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5913 attached [pid 5913] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5912] <... mmap resumed>) = 0x20000000 [pid 5911] <... clone3 resumed> => {parent_tid=[5913]}, 88) = 5913 [pid 5912] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... rseq resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] set_robust_list(0x7f50e61579a0, 24 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5911] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... futex resumed>) = 0 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... futex resumed>) = 0 [pid 5913] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5912] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... openat resumed>) = 6 [pid 5913] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5913] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5911] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] read(6, [pid 5911] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5911] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5912] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5911] <... futex resumed>) = ? [pid 5913] +++ killed by SIGBUS +++ [pid 5912] +++ killed by SIGBUS +++ [pid 5911] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5911, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached , child_tidptr=0x55555720b690) = 5914 [pid 5914] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5914] chdir("./276") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5914] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5915 attached => {parent_tid=[5915]}, 88) = 5915 [pid 5915] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] <... rseq resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] set_robust_list(0x7f50e61789a0, 24 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... set_robust_list resumed>) = 0 [pid 5914] <... futex resumed>) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5915] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] mkdir("./file0", 0777) = 0 [pid 5915] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file0") = 0 [pid 5915] ioctl(4, LOOP_CLR_FD) = 0 [pid 5915] close(4) = 0 [pid 5915] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 0 [ 277.685768][ T5915] loop0: detected capacity change from 0 to 2048 [ 277.711973][ T5915] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 277.724011][ T5915] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5915] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5915] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] <... futex resumed>) = 0 [pid 5915] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... open resumed>) = 5 [pid 5915] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] ftruncate(5, 33587199 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... ftruncate resumed>) = 0 [pid 5915] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5914] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5914] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] <... mmap resumed>) = 0x20000000 [pid 5915] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5915] <... futex resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5915] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5916] set_robust_list(0x7f50e61579a0, 24 [pid 5914] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5916] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5915] read(6, [pid 5914] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5914] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5914] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5915] <... read resumed> ) = ? [pid 5914] <... futex resumed>) = ? [pid 5916] +++ killed by SIGBUS +++ [pid 5915] +++ killed by SIGBUS +++ [pid 5914] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5914, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached , child_tidptr=0x55555720b690) = 5917 [pid 5917] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5917] chdir("./277") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5917] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5917] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] set_robust_list(0x7f50e61789a0, 24 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... set_robust_list resumed>) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5918] memfd_create("syzkaller", 0 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5918] <... memfd_create resumed>) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5918] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] mkdir("./file0", 0777) = 0 [pid 5918] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file0") = 0 [pid 5918] ioctl(4, LOOP_CLR_FD) = 0 [pid 5918] close(4) = 0 [pid 5918] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... open resumed>) = 4 [ 278.503626][ T5918] loop0: detected capacity change from 0 to 2048 [ 278.519852][ T5918] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 278.532737][ T5918] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5918] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... open resumed>) = 5 [pid 5918] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] ftruncate(5, 33587199 [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... ftruncate resumed>) = 0 [pid 5918] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5917] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5917] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5918] <... mmap resumed>) = 0x20000000 [pid 5917] <... mprotect resumed>) = 0 [pid 5918] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5919 attached [pid 5919] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5919] set_robust_list(0x7f50e61579a0, 24 [pid 5917] <... clone3 resumed> => {parent_tid=[5919]}, 88) = 5919 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5919] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5918] read(6, [pid 5917] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5917] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5917] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 5918] <... read resumed>) = ? [pid 5919] +++ killed by SIGBUS +++ [pid 5918] +++ killed by SIGBUS +++ [pid 5917] <... futex resumed>) = ? [pid 5917] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5917, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached , child_tidptr=0x55555720b690) = 5920 [pid 5920] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5920] chdir("./278") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5920] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5921 attached => {parent_tid=[5921]}, 88) = 5921 [pid 5921] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] set_robust_list(0x7f50e61789a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5921] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] mkdir("./file0", 0777) = 0 [pid 5921] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file0") = 0 [pid 5921] ioctl(4, LOOP_CLR_FD) = 0 [pid 5921] close(4) = 0 [pid 5921] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... open resumed>) = 4 [ 279.370953][ T5921] loop0: detected capacity change from 0 to 2048 [ 279.388123][ T5921] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 279.400098][ T5921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5921] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... open resumed>) = 5 [pid 5921] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] ftruncate(5, 33587199 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... ftruncate resumed>) = 0 [pid 5921] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5920] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5921] <... mmap resumed>) = 0x20000000 [pid 5921] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5921] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5922 attached [pid 5922] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5920] <... clone3 resumed> => {parent_tid=[5922]}, 88) = 5922 [pid 5922] <... rseq resumed>) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] set_robust_list(0x7f50e61579a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5920] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5920] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... openat resumed>) = 6 [pid 5922] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5922] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 0 [pid 5921] read(6, [pid 5920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5922] <... futex resumed>) = 0 [pid 5922] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5921] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5921] +++ killed by SIGBUS +++ [pid 5920] <... futex resumed>) = ? [pid 5922] +++ killed by SIGBUS +++ [pid 5920] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5920, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5923 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5923] chdir("./279") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5923] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5924 attached => {parent_tid=[5924]}, 88) = 5924 [pid 5924] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5924] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5924] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5924] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] mkdir("./file0", 0777) = 0 [pid 5924] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file0") = 0 [pid 5924] ioctl(4, LOOP_CLR_FD) = 0 [pid 5924] close(4) = 0 [pid 5924] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5924] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... open resumed>) = 4 [ 280.061450][ T5924] loop0: detected capacity change from 0 to 2048 [ 280.076992][ T5924] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 280.088984][ T5924] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5924] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5924] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... open resumed>) = 5 [pid 5924] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] ftruncate(5, 33587199 [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... ftruncate resumed>) = 0 [pid 5924] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5924] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5923] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5923] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5924] <... mmap resumed>) = 0x20000000 [pid 5924] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5924] <... futex resumed>) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5924] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 ./strace-static-x86_64: Process 5925 attached [pid 5923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5923] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5925] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5925] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5925] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5923] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] read(6, [pid 5923] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5923] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 0 [pid 5925] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5924] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5925] +++ killed by SIGBUS +++ [pid 5924] +++ killed by SIGBUS +++ [pid 5923] <... futex resumed>) = ? [pid 5923] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5923, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x55555720b690) = 5926 [pid 5926] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5926] chdir("./280") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5926] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5926] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] <... rseq resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] set_robust_list(0x7f50e61789a0, 24 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5927] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] mkdir("./file0", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file0") = 0 [pid 5927] ioctl(4, LOOP_CLR_FD) = 0 [pid 5927] close(4) = 0 [pid 5927] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 280.804661][ T5927] loop0: detected capacity change from 0 to 2048 [ 280.819980][ T5927] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 280.832267][ T5927] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... open resumed>) = 4 [pid 5927] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5927] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... open resumed>) = 5 [pid 5927] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5927] ftruncate(5, 33587199 [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... ftruncate resumed>) = 0 [pid 5927] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5927] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5926] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5928] set_robust_list(0x7f50e61579a0, 24 [pid 5926] <... clone3 resumed> => {parent_tid=[5928]}, 88) = 5928 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5927] <... mmap resumed>) = 0x20000000 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5927] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... openat resumed>) = 6 [pid 5928] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5927] read(6, [pid 5926] <... futex resumed>) = 1 [pid 5926] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5926] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5928] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5927] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5926] <... futex resumed>) = ? [pid 5928] +++ killed by SIGBUS +++ [pid 5927] +++ killed by SIGBUS +++ [pid 5926] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5926, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5929 [pid 5929] <... set_robust_list resumed>) = 0 [pid 5929] chdir("./281") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5929] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5929] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] memfd_create("syzkaller", 0 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5930] <... memfd_create resumed>) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5930] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] mkdir("./file0", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file0") = 0 [pid 5930] ioctl(4, LOOP_CLR_FD) = 0 [pid 5930] close(4) = 0 [pid 5930] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 281.433320][ T5930] loop0: detected capacity change from 0 to 2048 [ 281.460582][ T5930] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 281.472593][ T5930] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5930] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5930] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... open resumed>) = 5 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] ftruncate(5, 33587199 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... ftruncate resumed>) = 0 [pid 5930] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5929] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5929] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5930] <... mmap resumed>) = 0x20000000 [pid 5929] <... mprotect resumed>) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5930] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5930] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5931 attached [pid 5931] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5931] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5929] <... clone3 resumed> => {parent_tid=[5931]}, 88) = 5931 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5931] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5931] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] read(6, [pid 5929] <... futex resumed>) = 1 [pid 5929] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5929] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5929] <... futex resumed>) = 1 [pid 5929] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5931] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 5930] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 5929] <... futex resumed>) = ? [pid 5931] +++ killed by SIGBUS +++ [pid 5930] +++ killed by SIGBUS +++ [pid 5929] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5929, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached , child_tidptr=0x55555720b690) = 5932 [pid 5932] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5932] chdir("./282") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5932] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5932] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] <... rseq resumed>) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5933] set_robust_list(0x7f50e61789a0, 24 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... futex resumed>) = 0 [pid 5933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5933] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] mkdir("./file0", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file0") = 0 [pid 5933] ioctl(4, LOOP_CLR_FD) = 0 [pid 5933] close(4) = 0 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... open resumed>) = 4 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... open resumed>) = 5 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] ftruncate(5, 33587199 [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 282.143841][ T5933] loop0: detected capacity change from 0 to 2048 [ 282.159500][ T5933] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 282.173829][ T5933] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... ftruncate resumed>) = 0 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5932] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5932] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5934 attached ) = 0 [pid 5933] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5932] <... clone3 resumed> => {parent_tid=[5934]}, 88) = 5934 [pid 5934] <... rseq resumed>) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] set_robust_list(0x7f50e61579a0, 24 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5932] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... futex resumed>) = 0 [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5934] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5934] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] read(6, [pid 5932] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5932] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5932] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5932] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5933] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5933] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5932] <... futex resumed>) = ? [pid 5934] +++ killed by SIGBUS +++ [pid 5933] +++ killed by SIGBUS +++ [pid 5932] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5932, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached , child_tidptr=0x55555720b690) = 5935 [pid 5935] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5935] chdir("./283") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5935] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5935] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] <... rseq resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5936] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] mkdir("./file0", 0777) = 0 [pid 5936] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file0") = 0 [pid 5936] ioctl(4, LOOP_CLR_FD) = 0 [pid 5936] close(4) = 0 [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 282.865373][ T5936] loop0: detected capacity change from 0 to 2048 [ 282.875785][ T5936] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 282.888411][ T5936] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... futex resumed>) = 1 [pid 5936] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = 1 [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] ftruncate(5, 33587199 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... ftruncate resumed>) = 0 [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... futex resumed>) = 1 [pid 5936] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5935] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5935] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5936] <... mmap resumed>) = 0x20000000 [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5936] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5937 attached [pid 5936] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5937] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5935] <... clone3 resumed> => {parent_tid=[5937]}, 88) = 5937 [pid 5937] <... rseq resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] set_robust_list(0x7f50e61579a0, 24 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5935] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... futex resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5937] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5937] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5936] read(6, [pid 5935] <... futex resumed>) = 1 [pid 5935] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5935] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5936] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5936] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5937] +++ killed by SIGBUS +++ [pid 5935] <... futex resumed>) = ? [pid 5936] +++ killed by SIGBUS +++ [pid 5935] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5935, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5938 [pid 5938] <... set_robust_list resumed>) = 0 [pid 5938] chdir("./284") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5938] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] <... rseq resumed>) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] set_robust_list(0x7f50e61789a0, 24 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... futex resumed>) = 0 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5939] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] mkdir("./file0", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file0") = 0 [pid 5939] ioctl(4, LOOP_CLR_FD) = 0 [pid 5939] close(4) = 0 [ 283.635504][ T5939] loop0: detected capacity change from 0 to 2048 [ 283.661146][ T5939] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 283.673118][ T5939] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5939] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5939] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... open resumed>) = 4 [pid 5939] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5939] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... open resumed>) = 5 [pid 5939] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5939] ftruncate(5, 33587199 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... ftruncate resumed>) = 0 [pid 5939] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = 0 [pid 5939] <... futex resumed>) = 1 [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5938] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5938] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5939] <... mmap resumed>) = 0x20000000 [pid 5939] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5939] <... futex resumed>) = 0 [pid 5938] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5939] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5940 attached [pid 5940] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5938] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] <... rseq resumed>) = 0 [pid 5940] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5940] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5938] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5938] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5940] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5939] read(6, [pid 5938] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5938] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5938] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5940] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5939] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5938] <... futex resumed>) = ? [pid 5940] +++ killed by SIGBUS +++ [pid 5939] +++ killed by SIGBUS +++ [pid 5938] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5938, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x55555720b690) = 5941 [pid 5941] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5941] chdir("./285") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5941] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5942 attached => {parent_tid=[5942]}, 88) = 5942 [pid 5942] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5942] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] <... memfd_create resumed>) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5942] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] mkdir("./file0", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file0") = 0 [pid 5942] ioctl(4, LOOP_CLR_FD) = 0 [pid 5942] close(4) = 0 [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5941] <... futex resumed>) = 0 [pid 5942] <... open resumed>) = 4 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... open resumed>) = 5 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] ftruncate(5, 33587199 [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... ftruncate resumed>) = 0 [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [ 284.329849][ T5942] loop0: detected capacity change from 0 to 2048 [ 284.345419][ T5942] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 284.357555][ T5942] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5941] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5943 attached => {parent_tid=[5943]}, 88) = 5943 [pid 5943] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... rseq resumed>) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5943] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5941] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5943] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... mmap resumed>) = 0x20000000 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5943] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] read(6, [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 0 [pid 5943] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5942] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5942] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = ? [pid 5942] <... futex resumed>) = ? [pid 5943] +++ killed by SIGBUS +++ [pid 5942] +++ killed by SIGBUS +++ [pid 5941] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5941, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached , child_tidptr=0x55555720b690) = 5944 [pid 5944] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5944] chdir("./286") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5944] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5945 attached => {parent_tid=[5945]}, 88) = 5945 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5945] set_robust_list(0x7f50e61789a0, 24 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5945] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] mkdir("./file0", 0777) = 0 [pid 5945] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 284.967275][ T5945] loop0: detected capacity change from 0 to 2048 [ 284.988053][ T5945] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 285.000079][ T5945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5945] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5944] <... futex resumed>) = 0 [pid 5945] <... open resumed>) = 5 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] ftruncate(5, 33587199 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... ftruncate resumed>) = 0 [pid 5945] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5944] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] <... mmap resumed>) = 0x20000000 [pid 5945] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5944] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rseq resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] set_robust_list(0x7f50e61579a0, 24 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5944] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... futex resumed>) = 0 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5946] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5946] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = 0 [pid 5945] read(6, [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 1 [pid 5944] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20079000} --- [pid 5945] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 208768 [pid 5944] <... futex resumed>) = ? [pid 5946] +++ killed by SIGBUS +++ [pid 5945] +++ killed by SIGBUS +++ [pid 5944] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5944, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5947 attached , child_tidptr=0x55555720b690) = 5947 [pid 5947] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5947] chdir("./287") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5947] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5948 attached => {parent_tid=[5948]}, 88) = 5948 [pid 5948] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] set_robust_list(0x7f50e61789a0, 24 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] <... futex resumed>) = 0 [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5948] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] mkdir("./file0", 0777) = 0 [pid 5948] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./file0") = 0 [pid 5948] ioctl(4, LOOP_CLR_FD) = 0 [pid 5948] close(4) = 0 [ 285.674676][ T5948] loop0: detected capacity change from 0 to 2048 [ 285.702226][ T5948] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 285.714407][ T5948] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = 1 [pid 5948] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... open resumed>) = 5 [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] <... futex resumed>) = 0 [pid 5948] ftruncate(5, 33587199 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... ftruncate resumed>) = 0 [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5947] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5947] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5948] <... mmap resumed>) = 0x20000000 [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5949 attached [pid 5949] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5948] <... futex resumed>) = 0 [pid 5947] <... clone3 resumed> => {parent_tid=[5949]}, 88) = 5949 [pid 5949] <... rseq resumed>) = 0 [pid 5948] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] set_robust_list(0x7f50e61579a0, 24 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5947] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] <... futex resumed>) = 0 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5949] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5949] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] read(6, [pid 5947] <... futex resumed>) = 1 [pid 5947] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5947] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] <... futex resumed>) = 0 [pid 5947] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 5948] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 5948] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... futex resumed>) = ? [pid 5948] <... futex resumed>) = ? [pid 5949] +++ killed by SIGBUS +++ [pid 5948] +++ killed by SIGBUS +++ [pid 5947] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5947, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached , child_tidptr=0x55555720b690) = 5950 [pid 5950] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5950] chdir("./288") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5950] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5950] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] set_robust_list(0x7f50e61789a0, 24 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] <... set_robust_list resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] <... futex resumed>) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5951] <... memfd_create resumed>) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5951] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] mkdir("./file0", 0777) = 0 [pid 5951] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./file0") = 0 [pid 5951] ioctl(4, LOOP_CLR_FD) = 0 [pid 5951] close(4) = 0 [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 286.426987][ T5951] loop0: detected capacity change from 0 to 2048 [ 286.443200][ T5951] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 286.455365][ T5951] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5951] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5951] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... open resumed>) = 4 [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 1 [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5950] <... futex resumed>) = 0 [pid 5951] <... open resumed>) = 5 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 1 [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] ftruncate(5, 33587199 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... ftruncate resumed>) = 0 [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5951] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5950] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5950] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5952 attached [pid 5951] <... mmap resumed>) = 0x20000000 [pid 5952] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... clone3 resumed> => {parent_tid=[5952]}, 88) = 5952 [pid 5952] <... rseq resumed>) = 0 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] set_robust_list(0x7f50e61579a0, 24 [pid 5951] <... futex resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5950] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... futex resumed>) = 0 [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5952] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5952] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5951] read(6, [pid 5950] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5950] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 0 [pid 5952] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006c000} --- [pid 5951] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 5951] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... futex resumed>) = ? [pid 5951] <... futex resumed>) = ? [pid 5952] +++ killed by SIGBUS +++ [pid 5951] +++ killed by SIGBUS +++ [pid 5950] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5950, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached , child_tidptr=0x55555720b690) = 5953 [pid 5953] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5953] chdir("./289") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5953] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5954 attached [pid 5954] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5953] <... clone3 resumed> => {parent_tid=[5954]}, 88) = 5954 [pid 5954] <... rseq resumed>) = 0 [pid 5954] set_robust_list(0x7f50e61789a0, 24 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5954] <... set_robust_list resumed>) = 0 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5954] memfd_create("syzkaller", 0) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5954] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] mkdir("./file0", 0777) = 0 [pid 5954] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./file0") = 0 [pid 5954] ioctl(4, LOOP_CLR_FD) = 0 [pid 5954] close(4) = 0 [pid 5954] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.133153][ T5954] loop0: detected capacity change from 0 to 2048 [ 287.154314][ T5954] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 287.166429][ T5954] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... open resumed>) = 4 [pid 5954] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5953] <... futex resumed>) = 0 [pid 5954] <... open resumed>) = 5 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5954] ftruncate(5, 33587199 [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... ftruncate resumed>) = 0 [pid 5954] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5953] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5953] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5954] <... mmap resumed>) = 0x20000000 [pid 5954] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5955 attached [pid 5955] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5953] <... clone3 resumed> => {parent_tid=[5955]}, 88) = 5955 [pid 5955] <... rseq resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] set_robust_list(0x7f50e61579a0, 24 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5953] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... futex resumed>) = 0 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5955] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5954] read(6, [pid 5953] <... futex resumed>) = 1 [pid 5953] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5953] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5954] <... read resumed> ) = ? [pid 5953] <... futex resumed>) = ? [pid 5955] +++ killed by SIGBUS +++ [pid 5954] +++ killed by SIGBUS +++ [pid 5953] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5953, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached [pid 5956] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5956 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5956] chdir("./290") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5956] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5957 attached [pid 5957] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5956] <... clone3 resumed> => {parent_tid=[5957]}, 88) = 5957 [pid 5957] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] memfd_create("syzkaller", 0 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... memfd_create resumed>) = 3 [pid 5956] <... futex resumed>) = 0 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5957] <... mmap resumed>) = 0x7f50ddd58000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5957] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [pid 5957] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file0") = 0 [pid 5957] ioctl(4, LOOP_CLR_FD) = 0 [pid 5957] close(4) = 0 [pid 5957] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... open resumed>) = 4 [pid 5957] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... open resumed>) = 5 [ 287.797371][ T5957] loop0: detected capacity change from 0 to 2048 [ 287.817856][ T5957] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 287.830111][ T5957] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] ftruncate(5, 33587199 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... ftruncate resumed>) = 0 [pid 5957] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 1 [pid 5957] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5956] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5956] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5958 attached => {parent_tid=[5958]}, 88) = 5958 [pid 5958] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] set_robust_list(0x7f50e61579a0, 24 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5956] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... futex resumed>) = 0 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5958] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... mmap resumed>) = 0x20000000 [pid 5958] <... futex resumed>) = 1 [pid 5957] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5956] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] read(6, [pid 5956] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5956] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 1 [pid 5956] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5958] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5957] <... read resumed>) = ? [pid 5956] <... futex resumed>) = ? [pid 5958] +++ killed by SIGBUS +++ [pid 5957] +++ killed by SIGBUS +++ [pid 5956] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5956, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached , child_tidptr=0x55555720b690) = 5959 [pid 5959] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5959] chdir("./291") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5959] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5960 attached [pid 5960] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5959] <... clone3 resumed> => {parent_tid=[5960]}, 88) = 5960 [pid 5960] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] memfd_create("syzkaller", 0 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5960] <... memfd_create resumed>) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5960] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] mkdir("./file0", 0777) = 0 [ 288.453770][ T5960] loop0: detected capacity change from 0 to 2048 [ 288.485245][ T5960] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 5960] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./file0") = 0 [pid 5960] ioctl(4, LOOP_CLR_FD) = 0 [pid 5960] close(4) = 0 [pid 5960] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [ 288.496742][ T5960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5959] <... futex resumed>) = 1 [pid 5960] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... open resumed>) = 4 [pid 5960] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5959] <... futex resumed>) = 0 [pid 5960] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... open resumed>) = 5 [pid 5960] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] ftruncate(5, 33587199 [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... ftruncate resumed>) = 0 [pid 5960] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5959] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5959] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5960] <... mmap resumed>) = 0x20000000 [pid 5960] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... mprotect resumed>) = 0 [pid 5960] <... futex resumed>) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5960] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5961 attached [pid 5961] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5959] <... clone3 resumed> => {parent_tid=[5961]}, 88) = 5961 [pid 5961] <... rseq resumed>) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] set_robust_list(0x7f50e61579a0, 24 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5959] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] <... futex resumed>) = 0 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5961] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5961] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5959] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] read(6, [pid 5959] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5959] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5959] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5961] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5960] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 5959] <... futex resumed>) = ? [pid 5960] +++ killed by SIGBUS +++ [pid 5961] +++ killed by SIGBUS +++ [pid 5959] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5959, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x55555720b690) = 5962 [pid 5962] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5962] chdir("./292") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5962] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5963] set_robust_list(0x7f50e61789a0, 24 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... memfd_create resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5963] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] mkdir("./file0", 0777) = 0 [pid 5963] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./file0") = 0 [pid 5963] ioctl(4, LOOP_CLR_FD) = 0 [pid 5963] close(4) = 0 [pid 5963] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... open resumed>) = 4 [ 289.226072][ T5963] loop0: detected capacity change from 0 to 2048 [ 289.242060][ T5963] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 289.254185][ T5963] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5963] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5963] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5962] <... futex resumed>) = 1 [pid 5963] <... open resumed>) = 5 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] ftruncate(5, 33587199 [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... ftruncate resumed>) = 0 [pid 5963] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5962] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5964 attached [pid 5963] <... mmap resumed>) = 0x20000000 [pid 5964] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5963] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... clone3 resumed> => {parent_tid=[5964]}, 88) = 5964 [pid 5964] <... rseq resumed>) = 0 [pid 5963] <... futex resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] set_robust_list(0x7f50e61579a0, 24 [pid 5963] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] <... set_robust_list resumed>) = 0 [pid 5962] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] <... futex resumed>) = 0 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5964] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5964] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] read(6, [pid 5962] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5962] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5963] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5963] ???() = ? [pid 5963] +++ killed by SIGBUS +++ [pid 5962] <... futex resumed>) = ? [pid 5964] +++ killed by SIGBUS +++ [pid 5962] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5962, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached , child_tidptr=0x55555720b690) = 5965 [pid 5965] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5965] chdir("./293") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5965] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5965] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5966 attached [pid 5966] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5965] <... clone3 resumed> => {parent_tid=[5966]}, 88) = 5966 [pid 5966] <... rseq resumed>) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] set_robust_list(0x7f50e61789a0, 24 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5965] <... futex resumed>) = 0 [pid 5966] memfd_create("syzkaller", 0 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] <... memfd_create resumed>) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5966] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] mkdir("./file0", 0777) = 0 [pid 5966] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5966] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./file0") = 0 [pid 5966] ioctl(4, LOOP_CLR_FD) = 0 [pid 5966] close(4) = 0 [ 289.948301][ T5966] loop0: detected capacity change from 0 to 2048 [ 289.975988][ T5966] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 289.988144][ T5966] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5966] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... open resumed>) = 4 [pid 5966] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5965] <... futex resumed>) = 0 [pid 5966] <... open resumed>) = 5 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] ftruncate(5, 33587199 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... ftruncate resumed>) = 0 [pid 5966] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] <... futex resumed>) = 0 [pid 5966] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5965] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5965] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5966] <... mmap resumed>) = 0x20000000 [pid 5966] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5965] <... clone3 resumed> => {parent_tid=[5967]}, 88) = 5967 [pid 5967] <... rseq resumed>) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] set_robust_list(0x7f50e61579a0, 24 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5965] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] <... futex resumed>) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5967] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5967] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] read(6, [pid 5965] <... futex resumed>) = 1 [pid 5965] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5965] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5965] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5966] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5965] <... futex resumed>) = ? [pid 5967] +++ killed by SIGBUS +++ [pid 5966] +++ killed by SIGBUS +++ [pid 5965] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5965, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached , child_tidptr=0x55555720b690) = 5968 [pid 5968] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5968] chdir("./294") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5968] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5968] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5968] <... clone3 resumed> => {parent_tid=[5969]}, 88) = 5969 [pid 5969] <... rseq resumed>) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] set_robust_list(0x7f50e61789a0, 24 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] <... futex resumed>) = 0 [pid 5969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5969] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] mkdir("./file0", 0777) = 0 [pid 5969] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./file0") = 0 [pid 5969] ioctl(4, LOOP_CLR_FD) = 0 [pid 5969] close(4) = 0 [pid 5969] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... futex resumed>) = 1 [pid 5969] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5969] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... open resumed>) = 5 [pid 5968] <... futex resumed>) = 0 [ 290.574899][ T5969] loop0: detected capacity change from 0 to 2048 [ 290.585258][ T5969] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 290.596943][ T5969] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] ftruncate(5, 33587199 [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... ftruncate resumed>) = 0 [pid 5969] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] <... futex resumed>) = 0 [pid 5969] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5968] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5968] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5969] <... mmap resumed>) = 0x20000000 [pid 5968] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5970 attached [pid 5970] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5969] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... clone3 resumed> => {parent_tid=[5970]}, 88) = 5970 [pid 5970] <... rseq resumed>) = 0 [pid 5969] <... futex resumed>) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] set_robust_list(0x7f50e61579a0, 24 [pid 5969] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] <... set_robust_list resumed>) = 0 [pid 5968] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] <... futex resumed>) = 0 [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5970] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5970] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... futex resumed>) = 0 [pid 5969] read(6, [pid 5968] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5968] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = 0 [pid 5968] <... futex resumed>) = 1 [pid 5968] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 5969] <... read resumed>) = ? [pid 5968] <... futex resumed>) = ? [pid 5970] +++ killed by SIGBUS +++ [pid 5969] +++ killed by SIGBUS +++ [pid 5968] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5968, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached , child_tidptr=0x55555720b690) = 5971 [pid 5971] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5971] chdir("./295") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5971] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5972 attached [pid 5972] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5971] <... clone3 resumed> => {parent_tid=[5972]}, 88) = 5972 [pid 5972] <... rseq resumed>) = 0 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5972] set_robust_list(0x7f50e61789a0, 24 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] <... set_robust_list resumed>) = 0 [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5971] <... futex resumed>) = 0 [pid 5972] memfd_create("syzkaller", 0 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5972] <... memfd_create resumed>) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5972] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] mkdir("./file0", 0777) = 0 [pid 5972] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./file0") = 0 [pid 5972] ioctl(4, LOOP_CLR_FD) = 0 [pid 5972] close(4) = 0 [pid 5972] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5971] <... futex resumed>) = 0 [pid 5972] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... open resumed>) = 4 [pid 5972] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... open resumed>) = 5 [ 291.243371][ T5972] loop0: detected capacity change from 0 to 2048 [ 291.258060][ T5972] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 291.270339][ T5972] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5972] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] ftruncate(5, 33587199 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... ftruncate resumed>) = 0 [pid 5972] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5971] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5972] <... mmap resumed>) = 0x20000000 [pid 5971] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5972] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... mprotect resumed>) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5973 attached [pid 5973] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5971] <... clone3 resumed> => {parent_tid=[5973]}, 88) = 5973 [pid 5973] <... rseq resumed>) = 0 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5973] set_robust_list(0x7f50e61579a0, 24 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5971] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5973] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5973] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... futex resumed>) = 0 [pid 5972] read(6, [pid 5971] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5971] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 0 [pid 5973] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5972] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5973] +++ killed by SIGBUS +++ [pid 5971] <... futex resumed>) = ? [pid 5972] +++ killed by SIGBUS +++ [pid 5971] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5971, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x55555720b690) = 5974 [pid 5974] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5974] chdir("./296") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5974] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5974] <... clone3 resumed> => {parent_tid=[5975]}, 88) = 5975 [pid 5975] <... rseq resumed>) = 0 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] set_robust_list(0x7f50e61789a0, 24 [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], [pid 5974] <... futex resumed>) = 0 [pid 5975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5975] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] mkdir("./file0", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file0") = 0 [pid 5975] ioctl(4, LOOP_CLR_FD) = 0 [pid 5975] close(4) = 0 [pid 5975] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5975] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... open resumed>) = 4 [pid 5975] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5975] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... open resumed>) = 5 [ 291.988043][ T5975] loop0: detected capacity change from 0 to 2048 [ 292.000889][ T5975] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 292.013019][ T5975] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5975] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = 1 [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] ftruncate(5, 33587199 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... ftruncate resumed>) = 0 [pid 5975] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5974] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5974] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5975] <... mmap resumed>) = 0x20000000 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5975] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5976 attached [pid 5976] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5974] <... clone3 resumed> => {parent_tid=[5976]}, 88) = 5976 [pid 5976] <... rseq resumed>) = 0 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5974] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5974] <... futex resumed>) = 0 [pid 5976] <... openat resumed>) = 6 [pid 5974] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5974] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5975] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 1 [pid 5975] read(6, [pid 5974] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5974] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5976] <... futex resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0) = 7 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 5976] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5976] munmap(0x7f50ddd37000, 138412032) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 5976] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5976] ioctl(8, LOOP_CLR_FD) = 0 [pid 5976] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 5976] close(8) = 0 [pid 5976] close(7) = 0 [pid 5976] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] exit_group(0 [pid 5976] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5976] +++ exited with 0 +++ [pid 5975] <... read resumed> ) = ? [pid 5975] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=51 /* 0.51 s */} --- umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x55555720b690) = 5977 [pid 5977] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5977] chdir("./297") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5977] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5977] <... clone3 resumed> => {parent_tid=[5978]}, 88) = 5978 [pid 5978] set_robust_list(0x7f50e61789a0, 24 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] <... set_robust_list resumed>) = 0 [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5978] memfd_create("syzkaller", 0 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... memfd_create resumed>) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5978] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] mkdir("./file0", 0777) = 0 [pid 5978] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./file0") = 0 [pid 5978] ioctl(4, LOOP_CLR_FD) = 0 [pid 5978] close(4) = 0 [pid 5978] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] <... futex resumed>) = 0 [pid 5978] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... open resumed>) = 4 [pid 5978] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5978] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 1 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 293.167620][ T5978] loop0: detected capacity change from 0 to 2048 [ 293.192479][ T5978] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 293.204645][ T5978] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] ftruncate(5, 33587199) = 0 [pid 5978] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 1 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 1 [pid 5978] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5977] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5977] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5978] <... mmap resumed>) = 0x20000000 [pid 5977] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5978] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5979 attached [pid 5979] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5977] <... clone3 resumed> => {parent_tid=[5979]}, 88) = 5979 [pid 5979] <... rseq resumed>) = 0 [pid 5979] set_robust_list(0x7f50e61579a0, 24 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5979] <... set_robust_list resumed>) = 0 [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5979] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5979] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] read(6, [pid 5977] <... futex resumed>) = 1 [pid 5977] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5977] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 0 [pid 5979] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5978] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5977] <... futex resumed>) = ? [pid 5979] +++ killed by SIGBUS +++ [pid 5978] +++ killed by SIGBUS +++ [pid 5977] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5977, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5980 attached , child_tidptr=0x55555720b690) = 5980 [pid 5980] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5980] chdir("./298") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5980] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5981 attached [pid 5981] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5980] <... clone3 resumed> => {parent_tid=[5981]}, 88) = 5981 [pid 5981] <... rseq resumed>) = 0 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], [pid 5981] set_robust_list(0x7f50e61789a0, 24 [pid 5980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] <... futex resumed>) = 0 [pid 5981] memfd_create("syzkaller", 0 [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5981] <... memfd_create resumed>) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5981] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] mkdir("./file0", 0777) = 0 [pid 5981] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file0") = 0 [pid 5981] ioctl(4, LOOP_CLR_FD) = 0 [pid 5981] close(4) = 0 [pid 5981] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... open resumed>) = 4 [pid 5981] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... futex resumed>) = 0 [ 293.823171][ T5981] loop0: detected capacity change from 0 to 2048 [ 293.841114][ T5981] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 293.853284][ T5981] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... open resumed>) = 5 [pid 5981] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] ftruncate(5, 33587199 [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... ftruncate resumed>) = 0 [pid 5981] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5981] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5980] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5980] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5982 attached [pid 5982] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5982] set_robust_list(0x7f50e61579a0, 24 [pid 5980] <... clone3 resumed> => {parent_tid=[5982]}, 88) = 5982 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5980] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5982] <... openat resumed>) = 6 [pid 5981] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5982] <... futex resumed>) = 1 [pid 5981] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5981] read(6, [pid 5980] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5980] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5980] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5982] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 5981] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 5980] <... futex resumed>) = ? [pid 5981] +++ killed by SIGBUS +++ [pid 5982] +++ killed by SIGBUS +++ [pid 5980] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5980, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached , child_tidptr=0x55555720b690) = 5983 [pid 5983] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5983] chdir("./299") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5983] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5984 attached => {parent_tid=[5984]}, 88) = 5984 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5984] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] set_robust_list(0x7f50e61789a0, 24 [pid 5983] <... futex resumed>) = 0 [pid 5984] <... set_robust_list resumed>) = 0 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5984] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] mkdir("./file0", 0777) = 0 [pid 5984] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./file0") = 0 [pid 5984] ioctl(4, LOOP_CLR_FD) = 0 [pid 5984] close(4) = 0 [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5984] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 0 [pid 5984] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... open resumed>) = 4 [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 294.489033][ T5984] loop0: detected capacity change from 0 to 2048 [ 294.505888][ T5984] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 294.518166][ T5984] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5984] ftruncate(5, 33587199 [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... ftruncate resumed>) = 0 [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5983] <... futex resumed>) = 1 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5983] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5983] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5984] <... mmap resumed>) = 0x20000000 [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5983] <... clone3 resumed> => {parent_tid=[5985]}, 88) = 5985 [pid 5985] <... rseq resumed>) = 0 [pid 5985] set_robust_list(0x7f50e61579a0, 24 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] <... set_robust_list resumed>) = 0 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5985] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5983] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5985] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5985] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] read(6, [pid 5983] <... futex resumed>) = 1 [pid 5983] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5983] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5983] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5984] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5984] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = ? [pid 5985] +++ killed by SIGBUS +++ [pid 5984] <... futex resumed>) = ? [pid 5984] +++ killed by SIGBUS +++ [pid 5983] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5983, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555720b690) = 5986 ./strace-static-x86_64: Process 5986 attached [pid 5986] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5986] chdir("./300") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5986] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5987 attached [pid 5987] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5986] <... clone3 resumed> => {parent_tid=[5987]}, 88) = 5987 [pid 5987] <... rseq resumed>) = 0 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] set_robust_list(0x7f50e61789a0, 24 [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... futex resumed>) = 0 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5987] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] mkdir("./file0", 0777) = 0 [pid 5987] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./file0") = 0 [pid 5987] ioctl(4, LOOP_CLR_FD) = 0 [pid 5987] close(4) = 0 [pid 5987] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5986] <... futex resumed>) = 0 [ 295.203960][ T5987] loop0: detected capacity change from 0 to 2048 [ 295.221608][ T5987] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 295.233713][ T5987] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... open resumed>) = 4 [pid 5987] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5986] <... futex resumed>) = 0 [pid 5987] <... open resumed>) = 5 [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] ftruncate(5, 33587199 [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... ftruncate resumed>) = 0 [pid 5987] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5986] <... futex resumed>) = 0 [pid 5987] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5986] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5986] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5987] <... mmap resumed>) = 0x20000000 [pid 5986] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5987] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5988 attached [pid 5988] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5986] <... clone3 resumed> => {parent_tid=[5988]}, 88) = 5988 [pid 5988] set_robust_list(0x7f50e61579a0, 24 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... set_robust_list resumed>) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5988] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5988] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] read(6, [pid 5986] <... futex resumed>) = 1 [pid 5986] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5986] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5986] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5988] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 5987] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 5987] +++ killed by SIGBUS +++ [pid 5986] <... futex resumed>) = ? [pid 5988] +++ killed by SIGBUS +++ [pid 5986] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5986, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached , child_tidptr=0x55555720b690) = 5989 [pid 5989] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5989] chdir("./301") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5989] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5989] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5990 attached => {parent_tid=[5990]}, 88) = 5990 [pid 5990] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5990] memfd_create("syzkaller", 0) = 3 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5990] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5990] close(3) = 0 [pid 5990] mkdir("./file0", 0777) = 0 [pid 5990] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("./file0") = 0 [pid 5990] ioctl(4, LOOP_CLR_FD) = 0 [pid 5990] close(4) = 0 [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5989] <... futex resumed>) = 0 [pid 5990] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... open resumed>) = 4 [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5989] <... futex resumed>) = 0 [pid 5990] <... open resumed>) = 5 [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 295.968874][ T5990] loop0: detected capacity change from 0 to 2048 [ 295.984633][ T5990] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 295.996485][ T5990] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5990] <... futex resumed>) = 0 [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] ftruncate(5, 33587199) = 0 [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5989] <... futex resumed>) = 0 [pid 5990] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5989] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5989] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5990] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5991 attached [pid 5991] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5989] <... clone3 resumed> => {parent_tid=[5991]}, 88) = 5991 [pid 5991] set_robust_list(0x7f50e61579a0, 24 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5991] <... set_robust_list resumed>) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... openat resumed>) = 6 [pid 5991] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5991] <... futex resumed>) = 1 [pid 5990] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] <... futex resumed>) = 0 [pid 5991] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = 1 [pid 5990] read(6, [pid 5989] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5989] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5991] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = 1 [pid 5989] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5991] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5990] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5990] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] +++ killed by SIGBUS +++ [pid 5989] <... futex resumed>) = ? [pid 5991] +++ killed by SIGBUS +++ [pid 5989] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5989, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5992 attached [pid 5992] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5992 [pid 5992] <... set_robust_list resumed>) = 0 [pid 5992] chdir("./302") = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5992] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5993 attached [pid 5993] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5992] <... clone3 resumed> => {parent_tid=[5993]}, 88) = 5993 [pid 5993] <... rseq resumed>) = 0 [pid 5993] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5992] <... futex resumed>) = 1 [pid 5993] memfd_create("syzkaller", 0 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5993] <... memfd_create resumed>) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5993] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] mkdir("./file0", 0777) = 0 [pid 5993] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file0") = 0 [pid 5993] ioctl(4, LOOP_CLR_FD) = 0 [pid 5993] close(4) = 0 [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [ 296.651766][ T5993] loop0: detected capacity change from 0 to 2048 [ 296.677224][ T5993] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 296.689251][ T5993] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 0 [pid 5993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5992] <... futex resumed>) = 0 [pid 5993] <... open resumed>) = 5 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] ftruncate(5, 33587199) = 0 [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5992] <... futex resumed>) = 0 [pid 5993] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5992] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5992] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5993] <... mmap resumed>) = 0x20000000 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5994 attached [pid 5994] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 5992] <... clone3 resumed> => {parent_tid=[5994]}, 88) = 5994 [pid 5994] <... rseq resumed>) = 0 [pid 5994] set_robust_list(0x7f50e61579a0, 24 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] <... set_robust_list resumed>) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5994] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5994] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] read(6, [pid 5992] <... futex resumed>) = 1 [pid 5992] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5992] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5992] <... futex resumed>) = 1 [pid 5992] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5994] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5993] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5993] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5992] <... futex resumed>) = ? [pid 5994] +++ killed by SIGBUS +++ [pid 5993] +++ killed by SIGBUS +++ [pid 5992] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5992, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x55555720b690) = 5995 [pid 5995] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5995] chdir("./303") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5995] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 5996 attached [pid 5996] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5995] <... clone3 resumed> => {parent_tid=[5996]}, 88) = 5996 [pid 5996] <... rseq resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] set_robust_list(0x7f50e61789a0, 24 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... futex resumed>) = 0 [pid 5996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5996] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./file0", 0777) = 0 [pid 5996] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./file0") = 0 [pid 5996] ioctl(4, LOOP_CLR_FD) = 0 [pid 5996] close(4) = 0 [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [ 297.350133][ T5996] loop0: detected capacity change from 0 to 2048 [ 297.365730][ T5996] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 297.377830][ T5996] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5996] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... open resumed>) = 4 [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5995] <... futex resumed>) = 1 [pid 5996] <... open resumed>) = 5 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [pid 5996] ftruncate(5, 33587199 [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... ftruncate resumed>) = 0 [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 0 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5996] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5995] <... futex resumed>) = 1 [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5996] <... mmap resumed>) = 0x20000000 [pid 5995] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] <... mprotect resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5996] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 5997 attached [pid 5997] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 5997] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 5995] <... clone3 resumed> => {parent_tid=[5997]}, 88) = 5997 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5997] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 5997] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5997] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5996] read(6, [pid 5995] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5995] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5997] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 5996] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 5996] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5996] +++ killed by SIGBUS +++ [pid 5995] <... futex resumed>) = ? [pid 5997] +++ killed by SIGBUS +++ [pid 5995] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5995, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5998 attached [pid 5998] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 5998 [pid 5998] <... set_robust_list resumed>) = 0 [pid 5998] chdir("./304") = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5998] setpgid(0, 0) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5998] write(3, "1000", 4) = 4 [pid 5998] close(3) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5998] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 5998] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 5998] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0} => {parent_tid=[5999]}, 88) = 5999 ./strace-static-x86_64: Process 5999 attached [pid 5999] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] <... rseq resumed>) = 0 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5999] munmap(0x7f50ddd58000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] mkdir("./file0", 0777) = 0 [pid 5999] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 5999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./file0") = 0 [pid 5999] ioctl(4, LOOP_CLR_FD) = 0 [pid 5999] close(4) = 0 [pid 5999] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... open resumed>) = 4 [pid 5999] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] <... open resumed>) = 5 [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] ftruncate(5, 33587199 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... ftruncate resumed>) = 0 [pid 5999] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5999] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 298.031546][ T5999] loop0: detected capacity change from 0 to 2048 [ 298.046537][ T5999] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 298.058576][ T5999] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 5998] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6000 attached [pid 6000] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6000] set_robust_list(0x7f50e61579a0, 24 [pid 5998] <... clone3 resumed> => {parent_tid=[6000]}, 88) = 6000 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 6000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6000] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 5999] <... mmap resumed>) = 0x20000000 [pid 6000] <... openat resumed>) = 6 [pid 6000] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5999] read(6, [pid 5998] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5998] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 5999] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 5998] <... futex resumed>) = ? [pid 6000] +++ killed by SIGBUS +++ [pid 5999] +++ killed by SIGBUS +++ [pid 5998] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5998, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6001 attached [pid 6001] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6001 [pid 6001] <... set_robust_list resumed>) = 0 [pid 6001] chdir("./305") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6001] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6002 attached => {parent_tid=[6002]}, 88) = 6002 [pid 6002] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6002] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6002] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6002] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] mkdir("./file0", 0777) = 0 [pid 6002] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./file0") = 0 [pid 6002] ioctl(4, LOOP_CLR_FD) = 0 [pid 6002] close(4) = 0 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [pid 6002] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 298.690101][ T6002] loop0: detected capacity change from 0 to 2048 [ 298.705471][ T6002] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 298.717260][ T6002] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... open resumed>) = 4 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6002] ftruncate(5, 33587199 [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] <... ftruncate resumed>) = 0 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6002] <... futex resumed>) = 1 [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6001] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6001] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6002] <... mmap resumed>) = 0x20000000 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6003 attached [pid 6003] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6001] <... clone3 resumed> => {parent_tid=[6003]}, 88) = 6003 [pid 6003] <... rseq resumed>) = 0 [pid 6003] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6003] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6001] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6001] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6003] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6003] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] read(6, [pid 6001] <... futex resumed>) = 1 [pid 6001] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6001] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 0 [pid 6003] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006b000} --- [pid 6002] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 266112 [pid 6002] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 6001] <... futex resumed>) = ? [pid 6003] +++ killed by SIGBUS +++ [pid 6002] +++ killed by SIGBUS +++ [pid 6001] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6001, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/binderfs") = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6004 attached , child_tidptr=0x55555720b690) = 6004 [pid 6004] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6004] chdir("./306") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6004] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6005 attached => {parent_tid=[6005]}, 88) = 6005 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6005] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] mkdir("./file0", 0777) = 0 [pid 6005] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./file0") = 0 [pid 6005] ioctl(4, LOOP_CLR_FD) = 0 [pid 6005] close(4) = 0 [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 299.451913][ T6005] loop0: detected capacity change from 0 to 2048 [ 299.472866][ T6005] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 299.484895][ T6005] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... open resumed>) = 4 [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6004] <... futex resumed>) = 0 [pid 6005] <... open resumed>) = 5 [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] ftruncate(5, 33587199) = 0 [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6004] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6005] <... mmap resumed>) = 0x20000000 [pid 6004] <... mprotect resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[6006]}, 88) = 6006 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6006 attached [pid 6006] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... rseq resumed>) = 0 [pid 6005] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6006] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] read(6, [pid 6006] <... futex resumed>) = 1 [pid 6006] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6004] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6005] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 6005] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6005] +++ killed by SIGBUS +++ [pid 6004] <... futex resumed>) = ? [pid 6006] +++ killed by SIGBUS +++ [pid 6004] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6004, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/binderfs") = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6007 attached , child_tidptr=0x55555720b690) = 6007 [pid 6007] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6007] chdir("./307") = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6007] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6007] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6007] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6007] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6007] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6008 attached [pid 6008] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6007] <... clone3 resumed> => {parent_tid=[6008]}, 88) = 6008 [pid 6008] set_robust_list(0x7f50e61789a0, 24 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] <... set_robust_list resumed>) = 0 [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] <... futex resumed>) = 0 [pid 6008] memfd_create("syzkaller", 0 [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6008] <... memfd_create resumed>) = 3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6008] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6008] close(3) = 0 [pid 6008] mkdir("./file0", 0777) = 0 [pid 6008] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6008] chdir("./file0") = 0 [pid 6008] ioctl(4, LOOP_CLR_FD) = 0 [pid 6008] close(4) = 0 [pid 6008] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6007] <... futex resumed>) = 1 [pid 6008] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... open resumed>) = 4 [ 300.154617][ T6008] loop0: detected capacity change from 0 to 2048 [ 300.169548][ T6008] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 300.181689][ T6008] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6008] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = 0 [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6008] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] ftruncate(5, 33587199 [pid 6007] <... futex resumed>) = 0 [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... ftruncate resumed>) = 0 [pid 6008] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6007] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6007] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6008] <... mmap resumed>) = 0x20000000 [pid 6007] <... mprotect resumed>) = 0 [pid 6008] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6007] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[6009]}, 88) = 6009 ./strace-static-x86_64: Process 6009 attached [pid 6009] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] <... rseq resumed>) = 0 [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6009] set_robust_list(0x7f50e61579a0, 24 [pid 6007] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6007] <... futex resumed>) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6009] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6009] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6009] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6007] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6007] <... futex resumed>) = 1 [pid 6008] read(6, [pid 6007] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6007] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6007] <... futex resumed>) = 1 [pid 6007] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6008] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 6007] <... futex resumed>) = ? [pid 6009] +++ killed by SIGBUS +++ [pid 6008] +++ killed by SIGBUS +++ [pid 6007] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6007, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/binderfs") = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6010 attached , child_tidptr=0x55555720b690) = 6010 [pid 6010] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6010] chdir("./308") = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6010] setpgid(0, 0) = 0 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6010] write(3, "1000", 4) = 4 [pid 6010] close(3) = 0 [pid 6010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6010] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6010] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6011 attached [pid 6011] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6010] <... clone3 resumed> => {parent_tid=[6011]}, 88) = 6011 [pid 6011] <... rseq resumed>) = 0 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], [pid 6011] set_robust_list(0x7f50e61789a0, 24 [pid 6010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] <... futex resumed>) = 0 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] memfd_create("syzkaller", 0 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6011] <... memfd_create resumed>) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6011] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6011] close(3) = 0 [pid 6011] mkdir("./file0", 0777) = 0 [pid 6011] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./file0") = 0 [pid 6011] ioctl(4, LOOP_CLR_FD) = 0 [pid 6011] close(4) = 0 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [ 300.933303][ T6011] loop0: detected capacity change from 0 to 2048 [ 300.959629][ T6011] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 300.971873][ T6011] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6010] <... futex resumed>) = 1 [pid 6011] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... open resumed>) = 4 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6011] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... open resumed>) = 5 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] <... futex resumed>) = 0 [pid 6011] ftruncate(5, 33587199 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... ftruncate resumed>) = 0 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] <... futex resumed>) = 0 [pid 6011] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6010] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6010] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] <... mmap resumed>) = 0x20000000 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6012 attached => {parent_tid=[6012]}, 88) = 6012 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6010] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6010] <... futex resumed>) = 0 [pid 6012] <... rseq resumed>) = 0 [pid 6010] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6012] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6012] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6012] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... futex resumed>) = 0 [pid 6011] read(6, [pid 6010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6010] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 0 [pid 6012] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 6011] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 6011] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6010] <... futex resumed>) = ? [pid 6011] +++ killed by SIGBUS +++ [pid 6012] +++ killed by SIGBUS +++ [pid 6010] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6010, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/binderfs") = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached , child_tidptr=0x55555720b690) = 6013 [pid 6013] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6013] chdir("./309") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6013] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6013] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6013] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6014 attached [pid 6014] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6013] <... clone3 resumed> => {parent_tid=[6014]}, 88) = 6014 [pid 6014] <... rseq resumed>) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], [pid 6014] set_robust_list(0x7f50e61789a0, 24 [pid 6013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6014] <... set_robust_list resumed>) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] <... futex resumed>) = 0 [pid 6014] memfd_create("syzkaller", 0 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6014] <... memfd_create resumed>) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6014] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6014] close(3) = 0 [pid 6014] mkdir("./file0", 0777) = 0 [pid 6014] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6014] chdir("./file0") = 0 [pid 6014] ioctl(4, LOOP_CLR_FD) = 0 [pid 6014] close(4) = 0 [pid 6014] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... open resumed>) = 4 [pid 6014] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] <... futex resumed>) = 0 [pid 6014] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6013] <... futex resumed>) = 0 [pid 6014] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... open resumed>) = 5 [ 301.629271][ T6014] loop0: detected capacity change from 0 to 2048 [ 301.645682][ T6014] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 301.657674][ T6014] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6014] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] ftruncate(5, 33587199 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6014] <... ftruncate resumed>) = 0 [pid 6014] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6014] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6013] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6013] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6013] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6014] <... mmap resumed>) = 0x20000000 [pid 6014] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6014] <... futex resumed>) = 0 [pid 6013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6014] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6015 attached [pid 6015] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6013] <... clone3 resumed> => {parent_tid=[6015]}, 88) = 6015 [pid 6015] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6015] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... futex resumed>) = 0 [pid 6013] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6013] <... futex resumed>) = 1 [pid 6014] read(6, [pid 6013] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6013] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6013] <... futex resumed>) = 1 [pid 6013] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 6014] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 6015] +++ killed by SIGBUS +++ [pid 6014] +++ killed by SIGBUS +++ [pid 6013] <... futex resumed>) = ? [pid 6013] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6013, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/binderfs") = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6016 attached , child_tidptr=0x55555720b690) = 6016 [pid 6016] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6016] chdir("./310") = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6016] write(3, "1000", 4) = 4 [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6016] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6017 attached [pid 6017] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6016] <... clone3 resumed> => {parent_tid=[6017]}, 88) = 6017 [pid 6017] set_robust_list(0x7f50e61789a0, 24 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 6017] <... set_robust_list resumed>) = 0 [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] memfd_create("syzkaller", 0 [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6017] <... memfd_create resumed>) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6017] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] mkdir("./file0", 0777) = 0 [pid 6017] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./file0") = 0 [pid 6017] ioctl(4, LOOP_CLR_FD) = 0 [ 302.300176][ T6017] loop0: detected capacity change from 0 to 2048 [ 302.317366][ T6017] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 302.329471][ T6017] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6017] close(4) = 0 [pid 6017] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6016] <... futex resumed>) = 0 [pid 6017] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... open resumed>) = 4 [pid 6017] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... open resumed>) = 5 [pid 6017] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] ftruncate(5, 33587199 [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... ftruncate resumed>) = 0 [pid 6017] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = 1 [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6016] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6017] <... mmap resumed>) = 0x20000000 [pid 6017] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] <... mprotect resumed>) = 0 [pid 6016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6018 attached [pid 6018] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6016] <... clone3 resumed> => {parent_tid=[6018]}, 88) = 6018 [pid 6018] <... rseq resumed>) = 0 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] set_robust_list(0x7f50e61579a0, 24 [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6016] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6016] <... futex resumed>) = 0 [pid 6018] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 6016] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... openat resumed>) = 6 [pid 6018] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6017] read(6, [pid 6016] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6016] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6016] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6018] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 6017] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 6017] ???() = ? [pid 6016] <... futex resumed>) = ? [pid 6018] +++ killed by SIGBUS +++ [pid 6017] +++ killed by SIGBUS +++ [pid 6016] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6016, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/binderfs") = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached , child_tidptr=0x55555720b690) = 6019 [pid 6019] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6019] chdir("./311") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6019] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6019] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6020 attached [pid 6020] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6019] <... clone3 resumed> => {parent_tid=[6020]}, 88) = 6020 [pid 6020] <... rseq resumed>) = 0 [pid 6020] set_robust_list(0x7f50e61789a0, 24 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] <... set_robust_list resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] <... futex resumed>) = 0 [pid 6020] memfd_create("syzkaller", 0 [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6020] <... memfd_create resumed>) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6020] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] mkdir("./file0", 0777) = 0 [pid 6020] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./file0") = 0 [pid 6020] ioctl(4, LOOP_CLR_FD) = 0 [pid 6020] close(4) = 0 [pid 6020] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 303.125138][ T6020] loop0: detected capacity change from 0 to 2048 [ 303.152671][ T6020] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 303.165891][ T6020] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... open resumed>) = 4 [pid 6020] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... open resumed>) = 5 [pid 6020] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] ftruncate(5, 33587199 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... ftruncate resumed>) = 0 [pid 6020] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6019] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6019] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6021 attached [pid 6020] <... mmap resumed>) = 0x20000000 [pid 6019] <... clone3 resumed> => {parent_tid=[6021]}, 88) = 6021 [pid 6021] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6021] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6021] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] <... futex resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6019] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6021] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 1 [pid 6021] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] <... futex resumed>) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6019] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] read(6, [pid 6019] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6019] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6019] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6021] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20075000} --- [pid 6020] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 225152 [pid 6020] +++ killed by SIGBUS +++ [pid 6019] <... futex resumed>) = ? [pid 6021] +++ killed by SIGBUS +++ [pid 6019] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6019, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/binderfs") = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6022 attached , child_tidptr=0x55555720b690) = 6022 [pid 6022] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6022] chdir("./312") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6022] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6022] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6023 attached [pid 6023] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6022] <... clone3 resumed> => {parent_tid=[6023]}, 88) = 6023 [pid 6023] set_robust_list(0x7f50e61789a0, 24 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], [pid 6023] <... set_robust_list resumed>) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] memfd_create("syzkaller", 0 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6023] <... memfd_create resumed>) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6023] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6023] close(3) = 0 [pid 6023] mkdir("./file0", 0777) = 0 [pid 6023] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] chdir("./file0") = 0 [pid 6023] ioctl(4, LOOP_CLR_FD) = 0 [pid 6023] close(4) = 0 [pid 6023] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6023] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... open resumed>) = 4 [ 303.863230][ T6023] loop0: detected capacity change from 0 to 2048 [ 303.888900][ T6023] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 303.901154][ T6023] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6023] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6023] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6023] ftruncate(5, 33587199 [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] <... ftruncate resumed>) = 0 [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = 1 [pid 6023] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6022] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6024 attached [pid 6023] <... mmap resumed>) = 0x20000000 [pid 6024] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6023] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... rseq resumed>) = 0 [pid 6023] <... futex resumed>) = 0 [pid 6024] set_robust_list(0x7f50e61579a0, 24 [pid 6023] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... set_robust_list resumed>) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] <... clone3 resumed> => {parent_tid=[6024]}, 88) = 6024 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6022] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6022] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6024] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6024] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = 1 [pid 6023] read(6, [pid 6022] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6022] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6024] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 6023] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 6022] <... futex resumed>) = ? [pid 6024] +++ killed by SIGBUS +++ [pid 6023] +++ killed by SIGBUS +++ [pid 6022] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6022, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/binderfs") = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached , child_tidptr=0x55555720b690) = 6025 [pid 6025] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6025] chdir("./313") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6025] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6025] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6026 attached [pid 6026] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6025] <... clone3 resumed> => {parent_tid=[6026]}, 88) = 6026 [pid 6026] <... rseq resumed>) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6026] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] memfd_create("syzkaller", 0) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6026] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6026] close(3) = 0 [pid 6026] mkdir("./file0", 0777) = 0 [pid 6026] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./file0") = 0 [pid 6026] ioctl(4, LOOP_CLR_FD) = 0 [pid 6026] close(4) = 0 [pid 6026] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6025] <... futex resumed>) = 0 [ 304.585964][ T6026] loop0: detected capacity change from 0 to 2048 [ 304.606500][ T6026] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 304.618865][ T6026] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... open resumed>) = 4 [pid 6026] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... futex resumed>) = 0 [pid 6026] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6026] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6026] ftruncate(5, 33587199 [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] <... ftruncate resumed>) = 0 [pid 6026] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6026] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6025] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6025] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6025] <... clone3 resumed> => {parent_tid=[6027]}, 88) = 6027 [pid 6027] <... rseq resumed>) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] set_robust_list(0x7f50e61579a0, 24 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6025] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] <... futex resumed>) = 0 [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6027] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... mmap resumed>) = 0x20000000 [pid 6027] <... futex resumed>) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6026] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 0 [pid 6025] <... futex resumed>) = 0 [pid 6026] read(6, [pid 6025] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6025] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 0 [pid 6027] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 6025] <... futex resumed>) = ? [pid 6027] +++ killed by SIGBUS +++ [pid 6026] <... read resumed> ) = ? [pid 6026] +++ killed by SIGBUS +++ [pid 6025] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6025, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/binderfs") = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6028 attached , child_tidptr=0x55555720b690) = 6028 [pid 6028] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6028] chdir("./314") = 0 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6028] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0} => {parent_tid=[6029]}, 88) = 6029 ./strace-static-x86_64: Process 6029 attached [pid 6029] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... rseq resumed>) = 0 [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] set_robust_list(0x7f50e61789a0, 24 [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... set_robust_list resumed>) = 0 [pid 6028] <... futex resumed>) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] memfd_create("syzkaller", 0) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6029] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6029] close(3) = 0 [pid 6029] mkdir("./file0", 0777) = 0 [pid 6029] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] chdir("./file0") = 0 [pid 6029] ioctl(4, LOOP_CLR_FD) = 0 [pid 6029] close(4) = 0 [pid 6029] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 1 [pid 6029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... open resumed>) = 4 [pid 6029] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6029] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6029] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... open resumed>) = 5 [pid 6029] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6029] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6029] ftruncate(5, 33587199 [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... ftruncate resumed>) = 0 [pid 6029] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] <... futex resumed>) = 0 [pid 6029] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6028] <... futex resumed>) = 0 [pid 6029] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 305.228246][ T6029] loop0: detected capacity change from 0 to 2048 [ 305.246012][ T6029] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 305.258369][ T6029] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6028] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6028] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6030 attached [pid 6030] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6028] <... clone3 resumed> => {parent_tid=[6030]}, 88) = 6030 [pid 6029] <... mmap resumed>) = 0x20000000 [pid 6030] set_robust_list(0x7f50e61579a0, 24 [pid 6029] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] <... set_robust_list resumed>) = 0 [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6030] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... futex resumed>) = 0 [pid 6028] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 1 [pid 6029] read(6, [pid 6028] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6028] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 1 [pid 6028] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6030] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 6029] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 6028] <... futex resumed>) = ? [pid 6029] +++ killed by SIGBUS +++ [pid 6030] +++ killed by SIGBUS +++ [pid 6028] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6028, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/binderfs") = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached , child_tidptr=0x55555720b690) = 6031 [pid 6031] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6031] chdir("./315") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6031] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6032 attached => {parent_tid=[6032]}, 88) = 6032 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6032] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6032] set_robust_list(0x7f50e61789a0, 24 [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] <... futex resumed>) = 0 [pid 6032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6032] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6032] close(3) = 0 [pid 6032] mkdir("./file0", 0777) = 0 [pid 6032] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6032] chdir("./file0") = 0 [pid 6032] ioctl(4, LOOP_CLR_FD) = 0 [pid 6032] close(4) = 0 [pid 6032] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... futex resumed>) = 0 [ 305.876630][ T6032] loop0: detected capacity change from 0 to 2048 [ 305.905520][ T6032] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 305.917673][ T6032] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6032] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6032] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6031] <... futex resumed>) = 0 [pid 6032] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6032] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6032] ftruncate(5, 33587199 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... ftruncate resumed>) = 0 [pid 6032] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6031] <... futex resumed>) = 1 [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6031] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6031] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6032] <... mmap resumed>) = 0x20000000 [pid 6032] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6032] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6033 attached [pid 6033] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6031] <... clone3 resumed> => {parent_tid=[6033]}, 88) = 6033 [pid 6033] <... rseq resumed>) = 0 [pid 6033] set_robust_list(0x7f50e61579a0, 24 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6033] <... set_robust_list resumed>) = 0 [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6031] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6033] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... futex resumed>) = 0 [pid 6033] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6032] read(6, [pid 6031] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6031] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6031] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6033] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 6032] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 6032] +++ killed by SIGBUS +++ [pid 6031] <... futex resumed>) = ? [pid 6033] +++ killed by SIGBUS +++ [pid 6031] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6031, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/binderfs") = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6034 attached , child_tidptr=0x55555720b690) = 6034 [pid 6034] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6034] chdir("./316") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] write(3, "1000", 4) = 4 [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6034] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6035 attached [pid 6035] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6034] <... clone3 resumed> => {parent_tid=[6035]}, 88) = 6035 [pid 6035] <... rseq resumed>) = 0 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] set_robust_list(0x7f50e61789a0, 24 [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] <... futex resumed>) = 0 [pid 6035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6035] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] mkdir("./file0", 0777) = 0 [pid 6035] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./file0") = 0 [pid 6035] ioctl(4, LOOP_CLR_FD) = 0 [pid 6035] close(4) = 0 [pid 6035] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] <... futex resumed>) = 0 [pid 6035] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... open resumed>) = 4 [pid 6035] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [ 306.549758][ T6035] loop0: detected capacity change from 0 to 2048 [ 306.566854][ T6035] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 306.578716][ T6035] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6035] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6035] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... open resumed>) = 5 [pid 6035] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] ftruncate(5, 33587199) = 0 [pid 6035] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6034] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6034] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6035] <... mmap resumed>) = 0x20000000 [pid 6034] <... mprotect resumed>) = 0 [pid 6035] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6035] <... futex resumed>) = 0 [pid 6034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6035] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6036 attached [pid 6036] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6036] set_robust_list(0x7f50e61579a0, 24 [pid 6034] <... clone3 resumed> => {parent_tid=[6036]}, 88) = 6036 [pid 6036] <... set_robust_list resumed>) = 0 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6036] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6036] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6036] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6035] read(6, [pid 6034] <... futex resumed>) = 1 [pid 6034] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6034] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6034] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6036] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6035] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 6034] <... futex resumed>) = ? [pid 6035] +++ killed by SIGBUS +++ [pid 6036] +++ killed by SIGBUS +++ [pid 6034] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6034, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/binderfs") = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6037 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6037] chdir("./317") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6037] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6038 attached [pid 6038] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6037] <... clone3 resumed> => {parent_tid=[6038]}, 88) = 6038 [pid 6038] <... rseq resumed>) = 0 [pid 6038] set_robust_list(0x7f50e61789a0, 24 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6038] memfd_create("syzkaller", 0) = 3 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6038] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] mkdir("./file0", 0777) = 0 [pid 6038] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./file0") = 0 [pid 6038] ioctl(4, LOOP_CLR_FD) = 0 [pid 6038] close(4) = 0 [pid 6038] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... open resumed>) = 4 [pid 6038] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6037] <... futex resumed>) = 0 [ 307.236232][ T6038] loop0: detected capacity change from 0 to 2048 [ 307.252550][ T6038] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 307.264748][ T6038] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6038] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... open resumed>) = 5 [pid 6038] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6037] <... futex resumed>) = 0 [pid 6038] ftruncate(5, 33587199 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... ftruncate resumed>) = 0 [pid 6038] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6038] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6037] <... futex resumed>) = 0 [pid 6038] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6037] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6037] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6038] <... mmap resumed>) = 0x20000000 [pid 6038] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6038] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6039 attached [pid 6039] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6037] <... clone3 resumed> => {parent_tid=[6039]}, 88) = 6039 [pid 6039] <... rseq resumed>) = 0 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6039] set_robust_list(0x7f50e61579a0, 24 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6037] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6039] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6039] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6037] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] read(6, [pid 6037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6037] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = 1 [pid 6037] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6038] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 6037] <... futex resumed>) = ? [pid 6039] +++ killed by SIGBUS +++ [pid 6038] +++ killed by SIGBUS +++ [pid 6037] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6037, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/binderfs") = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x55555720b6a0, 24) = 0 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6040 [pid 6040] chdir("./318") = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6040] write(3, "1000", 4) = 4 [pid 6040] close(3) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6040] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6041 attached [pid 6041] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6040] <... clone3 resumed> => {parent_tid=[6041]}, 88) = 6041 [pid 6041] <... rseq resumed>) = 0 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] set_robust_list(0x7f50e61789a0, 24 [pid 6040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6040] <... futex resumed>) = 0 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6041] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] mkdir("./file0", 0777) = 0 [pid 6041] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file0") = 0 [pid 6041] ioctl(4, LOOP_CLR_FD) = 0 [pid 6041] close(4) = 0 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6040] <... futex resumed>) = 0 [ 308.017860][ T6041] loop0: detected capacity change from 0 to 2048 [ 308.043539][ T6041] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 308.055215][ T6041] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... open resumed>) = 4 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] <... futex resumed>) = 0 [pid 6041] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... open resumed>) = 5 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] ftruncate(5, 33587199 [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... ftruncate resumed>) = 0 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6040] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6040] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6040] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6041] <... mmap resumed>) = 0x20000000 [pid 6040] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6041] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6042 attached [pid 6041] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6042] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6042] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... clone3 resumed> => {parent_tid=[6042]}, 88) = 6042 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6040] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6040] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6042] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6040] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] read(6, [pid 6040] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6040] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6040] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 6041] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 6041] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = ? [pid 6041] <... futex resumed>) = ? [pid 6042] +++ killed by SIGBUS +++ [pid 6041] +++ killed by SIGBUS +++ [pid 6040] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6040, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/binderfs") = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached , child_tidptr=0x55555720b690) = 6043 [pid 6043] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6043] chdir("./319") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6043] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6043] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] <... rseq resumed>) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] set_robust_list(0x7f50e61789a0, 24 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6043] <... futex resumed>) = 0 [pid 6044] memfd_create("syzkaller", 0 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6044] <... memfd_create resumed>) = 3 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6044] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6044] close(3) = 0 [pid 6044] mkdir("./file0", 0777) = 0 [pid 6044] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./file0") = 0 [pid 6044] ioctl(4, LOOP_CLR_FD) = 0 [pid 6044] close(4) = 0 [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... open resumed>) = 4 [ 308.745224][ T6044] loop0: detected capacity change from 0 to 2048 [ 308.761115][ T6044] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 308.772678][ T6044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6043] <... futex resumed>) = 0 [pid 6044] <... open resumed>) = 5 [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] ftruncate(5, 33587199 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... ftruncate resumed>) = 0 [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6043] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] <... mmap resumed>) = 0x20000000 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6045 attached [pid 6044] <... futex resumed>) = 0 [pid 6045] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6043] <... clone3 resumed> => {parent_tid=[6045]}, 88) = 6045 [pid 6045] <... rseq resumed>) = 0 [pid 6044] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6043] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6043] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6045] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6045] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6045] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6043] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] read(6, [pid 6043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6043] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6044] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 221056 [pid 6044] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6043] <... futex resumed>) = ? [pid 6045] +++ killed by SIGBUS +++ [pid 6044] +++ killed by SIGBUS +++ [pid 6043] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6043, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/binderfs") = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6046 attached [pid 6046] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6046 [pid 6046] <... set_robust_list resumed>) = 0 [pid 6046] chdir("./320") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6046] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6046] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6047 attached [pid 6047] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6046] <... clone3 resumed> => {parent_tid=[6047]}, 88) = 6047 [pid 6047] set_robust_list(0x7f50e61789a0, 24 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6047] memfd_create("syzkaller", 0 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6047] <... memfd_create resumed>) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6047] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] mkdir("./file0", 0777) = 0 [pid 6047] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./file0") = 0 [pid 6047] ioctl(4, LOOP_CLR_FD) = 0 [pid 6047] close(4) = 0 [pid 6047] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] <... futex resumed>) = 0 [pid 6047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 309.544729][ T6047] loop0: detected capacity change from 0 to 2048 [ 309.570407][ T6047] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 309.582791][ T6047] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... open resumed>) = 4 [pid 6047] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6047] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6047] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... open resumed>) = 5 [pid 6047] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6047] ftruncate(5, 33587199 [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... ftruncate resumed>) = 0 [pid 6047] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6047] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] <... futex resumed>) = 0 [pid 6047] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6046] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6046] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6047] <... mmap resumed>) = 0x20000000 [pid 6047] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6048 attached [pid 6048] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6046] <... clone3 resumed> => {parent_tid=[6048]}, 88) = 6048 [pid 6048] set_robust_list(0x7f50e61579a0, 24 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6048] <... set_robust_list resumed>) = 0 [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], [pid 6046] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6048] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6046] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6047] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6047] read(6, [pid 6046] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6046] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6046] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 6047] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 6046] <... futex resumed>) = ? [pid 6048] +++ killed by SIGBUS +++ [pid 6047] +++ killed by SIGBUS +++ [pid 6046] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6046, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/binderfs") = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6049 attached [pid 6049] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6049 [pid 6049] <... set_robust_list resumed>) = 0 [pid 6049] chdir("./321") = 0 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6049] write(3, "1000", 4) = 4 [pid 6049] close(3) = 0 [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6049] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6050 attached [pid 6050] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6050] set_robust_list(0x7f50e61789a0, 24 [pid 6049] <... clone3 resumed> => {parent_tid=[6050]}, 88) = 6050 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] rt_sigprocmask(SIG_SETMASK, [], [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] <... futex resumed>) = 0 [pid 6050] memfd_create("syzkaller", 0 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6050] <... memfd_create resumed>) = 3 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6050] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6050] close(3) = 0 [pid 6050] mkdir("./file0", 0777) = 0 [pid 6050] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] chdir("./file0") = 0 [pid 6050] ioctl(4, LOOP_CLR_FD) = 0 [pid 6050] close(4) = 0 [pid 6050] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6050] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 310.261131][ T6050] loop0: detected capacity change from 0 to 2048 [ 310.276729][ T6050] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 310.288356][ T6050] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6050] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6050] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6049] <... futex resumed>) = 1 [pid 6050] <... open resumed>) = 5 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] ftruncate(5, 33587199 [pid 6049] <... futex resumed>) = 0 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... ftruncate resumed>) = 0 [pid 6050] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6050] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6049] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6049] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6050] <... mmap resumed>) = 0x20000000 [pid 6050] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] <... mprotect resumed>) = 0 [pid 6049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6051 attached [pid 6051] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6049] <... clone3 resumed> => {parent_tid=[6051]}, 88) = 6051 [pid 6051] <... rseq resumed>) = 0 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], [pid 6051] set_robust_list(0x7f50e61579a0, 24 [pid 6049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6049] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] <... futex resumed>) = 0 [pid 6051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6051] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6051] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6049] <... futex resumed>) = 1 [pid 6049] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] read(6, [pid 6049] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6049] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6049] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6051] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 6050] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 6050] ???() = ? [pid 6049] <... futex resumed>) = ? [pid 6050] +++ killed by SIGBUS +++ [pid 6051] +++ killed by SIGBUS +++ [pid 6049] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6049, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/binderfs") = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6052 attached , child_tidptr=0x55555720b690) = 6052 [pid 6052] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6052] chdir("./322") = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6052] setpgid(0, 0) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6052] write(3, "1000", 4) = 4 [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6052] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6053 attached [pid 6053] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6052] <... clone3 resumed> => {parent_tid=[6053]}, 88) = 6053 [pid 6053] set_robust_list(0x7f50e61789a0, 24 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] <... set_robust_list resumed>) = 0 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] memfd_create("syzkaller", 0 [pid 6052] <... futex resumed>) = 0 [pid 6053] <... memfd_create resumed>) = 3 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6053] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] mkdir("./file0", 0777) = 0 [pid 6053] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./file0") = 0 [pid 6053] ioctl(4, LOOP_CLR_FD) = 0 [pid 6053] close(4) = 0 [pid 6053] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 310.990400][ T6053] loop0: detected capacity change from 0 to 2048 [ 311.016474][ T6053] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 311.028556][ T6053] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6053] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... futex resumed>) = 0 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... open resumed>) = 4 [pid 6053] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6053] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... open resumed>) = 5 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] ftruncate(5, 33587199 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... ftruncate resumed>) = 0 [pid 6053] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6053] <... futex resumed>) = 1 [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6052] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6054 attached [pid 6054] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6052] <... clone3 resumed> => {parent_tid=[6054]}, 88) = 6054 [pid 6054] set_robust_list(0x7f50e61579a0, 24 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] <... mmap resumed>) = 0x20000000 [pid 6054] <... set_robust_list resumed>) = 0 [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], [pid 6052] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] <... futex resumed>) = 0 [pid 6053] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6054] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6054] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6054] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] read(6, [pid 6052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] <... futex resumed>) = 0 [pid 6052] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6054] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 6053] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 6052] <... futex resumed>) = ? [pid 6054] +++ killed by SIGBUS +++ [pid 6053] +++ killed by SIGBUS +++ [pid 6052] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6052, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./322/binderfs") = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached , child_tidptr=0x55555720b690) = 6055 [pid 6055] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6055] chdir("./323") = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6055] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6056 attached [pid 6056] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6055] <... clone3 resumed> => {parent_tid=[6056]}, 88) = 6056 [pid 6056] <... rseq resumed>) = 0 [pid 6055] rt_sigprocmask(SIG_SETMASK, [], [pid 6056] set_robust_list(0x7f50e61789a0, 24 [pid 6055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6056] <... set_robust_list resumed>) = 0 [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6055] <... futex resumed>) = 0 [pid 6056] memfd_create("syzkaller", 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6056] <... memfd_create resumed>) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6056] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6056] close(3) = 0 [pid 6056] mkdir("./file0", 0777) = 0 [pid 6056] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./file0") = 0 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 6056] close(4) = 0 [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6056] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... open resumed>) = 5 [pid 6055] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6056] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] ftruncate(5, 33587199 [pid 6055] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... ftruncate resumed>) = 0 [ 311.774242][ T6056] loop0: detected capacity change from 0 to 2048 [ 311.784650][ T6056] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 311.796920][ T6056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6055] <... futex resumed>) = 0 [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6055] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6055] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6057 attached [pid 6057] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6055] <... clone3 resumed> => {parent_tid=[6057]}, 88) = 6057 [pid 6057] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6055] rt_sigprocmask(SIG_SETMASK, [], [pid 6057] rt_sigprocmask(SIG_SETMASK, [], [pid 6055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6055] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 6056] <... mmap resumed>) = 0x20000000 [pid 6057] <... openat resumed>) = 6 [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6056] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] <... futex resumed>) = 0 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] read(6, [pid 6055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6055] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6055] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6055] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 6056] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 6056] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6055] <... futex resumed>) = ? [pid 6057] +++ killed by SIGBUS +++ [pid 6056] +++ killed by SIGBUS +++ [pid 6055] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6055, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./323/binderfs") = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6058 attached , child_tidptr=0x55555720b690) = 6058 [pid 6058] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6058] chdir("./324") = 0 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6058] setpgid(0, 0) = 0 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6058] write(3, "1000", 4) = 4 [pid 6058] close(3) = 0 [pid 6058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6058] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6058] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6059 attached [pid 6059] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6059] set_robust_list(0x7f50e61789a0, 24 [pid 6058] <... clone3 resumed> => {parent_tid=[6059]}, 88) = 6059 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6058] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] memfd_create("syzkaller", 0 [pid 6058] <... futex resumed>) = 0 [pid 6059] <... memfd_create resumed>) = 3 [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6059] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6059] close(3) = 0 [pid 6059] mkdir("./file0", 0777) = 0 [pid 6059] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./file0") = 0 [pid 6059] ioctl(4, LOOP_CLR_FD) = 0 [pid 6059] close(4) = 0 [pid 6059] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] <... futex resumed>) = 0 [pid 6059] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6059] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6059] <... open resumed>) = 4 [pid 6059] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] <... futex resumed>) = 0 [pid 6059] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6058] <... futex resumed>) = 0 [pid 6059] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6059] <... open resumed>) = 5 [pid 6059] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = 0 [pid 6059] <... futex resumed>) = 1 [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] ftruncate(5, 33587199 [pid 6058] <... futex resumed>) = 0 [ 312.541274][ T6059] loop0: detected capacity change from 0 to 2048 [ 312.556156][ T6059] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 312.567829][ T6059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6059] <... ftruncate resumed>) = 0 [pid 6059] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] <... futex resumed>) = 0 [pid 6059] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6058] <... futex resumed>) = 0 [pid 6059] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6058] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6058] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6060 attached => {parent_tid=[6060]}, 88) = 6060 [pid 6060] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6058] rt_sigprocmask(SIG_SETMASK, [], [pid 6060] <... rseq resumed>) = 0 [pid 6059] <... mmap resumed>) = 0x20000000 [pid 6058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6060] set_robust_list(0x7f50e61579a0, 24 [pid 6058] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6058] <... futex resumed>) = 0 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6060] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6060] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] <... futex resumed>) = 0 [pid 6058] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6059] read(6, [pid 6058] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6058] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6058] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6060] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20077000} --- [pid 6059] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 6058] <... futex resumed>) = ? [pid 6059] +++ killed by SIGBUS +++ [pid 6060] +++ killed by SIGBUS +++ [pid 6058] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6058, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./324/binderfs") = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6061 attached , child_tidptr=0x55555720b690) = 6061 [pid 6061] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6061] chdir("./325") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6061] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6061] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6062 attached [pid 6062] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6062] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6061] <... clone3 resumed> => {parent_tid=[6062]}, 88) = 6062 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], [pid 6061] rt_sigprocmask(SIG_SETMASK, [], [pid 6062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6062] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6062] memfd_create("syzkaller", 0 [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6062] <... memfd_create resumed>) = 3 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6062] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6062] close(3) = 0 [pid 6062] mkdir("./file0", 0777) = 0 [pid 6062] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6062] chdir("./file0") = 0 [pid 6062] ioctl(4, LOOP_CLR_FD) = 0 [pid 6062] close(4) = 0 [pid 6062] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6062] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 313.227220][ T6062] loop0: detected capacity change from 0 to 2048 [ 313.254640][ T6062] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 313.266748][ T6062] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6061] <... futex resumed>) = 0 [pid 6062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... open resumed>) = 4 [pid 6062] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6062] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... open resumed>) = 5 [pid 6062] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6062] ftruncate(5, 33587199 [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... ftruncate resumed>) = 0 [pid 6062] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6062] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6061] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6061] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6061] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6062] <... mmap resumed>) = 0x20000000 [pid 6062] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6063 attached [pid 6063] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6061] <... clone3 resumed> => {parent_tid=[6063]}, 88) = 6063 [pid 6063] <... rseq resumed>) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] set_robust_list(0x7f50e61579a0, 24 [pid 6061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6061] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6063] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6063] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6061] <... futex resumed>) = 1 [pid 6062] read(6, [pid 6061] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6061] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 0 [pid 6063] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 6062] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 233344 [pid 6061] <... futex resumed>) = ? [pid 6063] +++ killed by SIGBUS +++ [pid 6062] +++ killed by SIGBUS +++ [pid 6061] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6061, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./325/binderfs") = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6064 attached , child_tidptr=0x55555720b690) = 6064 [pid 6064] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6064] chdir("./326") = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6064] setpgid(0, 0) = 0 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6064] write(3, "1000", 4) = 4 [pid 6064] close(3) = 0 [pid 6064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6064] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6065 attached [pid 6065] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6064] <... clone3 resumed> => {parent_tid=[6065]}, 88) = 6065 [pid 6065] set_robust_list(0x7f50e61789a0, 24 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6065] <... set_robust_list resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] memfd_create("syzkaller", 0 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6065] <... memfd_create resumed>) = 3 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6065] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6065] close(3) = 0 [pid 6065] mkdir("./file0", 0777) = 0 [pid 6065] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6065] chdir("./file0") = 0 [pid 6065] ioctl(4, LOOP_CLR_FD) = 0 [pid 6065] close(4) = 0 [pid 6065] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] <... open resumed>) = 4 [ 313.943802][ T6065] loop0: detected capacity change from 0 to 2048 [ 313.960994][ T6065] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 313.972842][ T6065] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6065] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6065] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] <... open resumed>) = 5 [pid 6065] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6065] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6064] <... futex resumed>) = 0 [pid 6065] ftruncate(5, 33587199 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] <... ftruncate resumed>) = 0 [pid 6065] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6065] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6064] <... futex resumed>) = 0 [pid 6065] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6064] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6066 attached => {parent_tid=[6066]}, 88) = 6066 [pid 6066] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6066] <... rseq resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6066] set_robust_list(0x7f50e61579a0, 24 [pid 6064] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... set_robust_list resumed>) = 0 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6066] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6066] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] <... mmap resumed>) = 0x20000000 [pid 6064] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] read(6, [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 1 [pid 6064] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6066] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 229248 [pid 6065] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20074000} --- [pid 6066] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6064] <... futex resumed>) = ? [pid 6066] +++ killed by SIGBUS +++ [pid 6065] +++ killed by SIGBUS +++ [pid 6064] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6064, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./326/binderfs") = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached , child_tidptr=0x55555720b690) = 6067 [pid 6067] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6067] chdir("./327") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6067] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6068 attached => {parent_tid=[6068]}, 88) = 6068 [pid 6068] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] set_robust_list(0x7f50e61789a0, 24 [pid 6067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] <... set_robust_list resumed>) = 0 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6067] <... futex resumed>) = 0 [pid 6068] memfd_create("syzkaller", 0 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6068] <... memfd_create resumed>) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6068] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] mkdir("./file0", 0777) = 0 [pid 6068] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./file0") = 0 [pid 6068] ioctl(4, LOOP_CLR_FD) = 0 [pid 6068] close(4) = 0 [pid 6068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6068] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... open resumed>) = 4 [ 314.635022][ T6068] loop0: detected capacity change from 0 to 2048 [ 314.650873][ T6068] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 314.662895][ T6068] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6067] <... futex resumed>) = 0 [pid 6068] <... open resumed>) = 5 [pid 6068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6068] ftruncate(5, 33587199 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... ftruncate resumed>) = 0 [pid 6068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6068] <... futex resumed>) = 1 [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6067] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6068] <... mmap resumed>) = 0x20000000 [pid 6067] <... mmap resumed>) = 0x7f50e6137000 [pid 6068] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] <... mprotect resumed>) = 0 [pid 6067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6069 attached [pid 6069] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6067] <... clone3 resumed> => {parent_tid=[6069]}, 88) = 6069 [pid 6069] set_robust_list(0x7f50e61579a0, 24 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] <... set_robust_list resumed>) = 0 [pid 6067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6067] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6069] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6069] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6067] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] read(6, [pid 6067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6067] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6067] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6069] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6068] <... read resumed>) = ? [pid 6067] <... futex resumed>) = ? [pid 6069] +++ killed by SIGBUS +++ [pid 6068] +++ killed by SIGBUS +++ [pid 6067] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6067, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./327/binderfs") = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6070 attached , child_tidptr=0x55555720b690) = 6070 [pid 6070] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6070] chdir("./328") = 0 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6070] setpgid(0, 0) = 0 [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6070] write(3, "1000", 4) = 4 [pid 6070] close(3) = 0 [pid 6070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6070] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6070] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6071 attached [pid 6071] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6070] <... clone3 resumed> => {parent_tid=[6071]}, 88) = 6071 [pid 6071] <... rseq resumed>) = 0 [pid 6071] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6071] memfd_create("syzkaller", 0) = 3 [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6071] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6071] close(3) = 0 [pid 6071] mkdir("./file0", 0777) = 0 [pid 6071] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6071] chdir("./file0") = 0 [pid 6071] ioctl(4, LOOP_CLR_FD) = 0 [pid 6071] close(4) = 0 [pid 6071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6071] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... open resumed>) = 4 [ 315.300216][ T6071] loop0: detected capacity change from 0 to 2048 [ 315.316140][ T6071] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 315.328378][ T6071] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] <... futex resumed>) = 0 [pid 6071] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... open resumed>) = 5 [pid 6071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] <... futex resumed>) = 0 [pid 6071] ftruncate(5, 33587199 [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... ftruncate resumed>) = 0 [pid 6071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6071] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6070] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6070] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] <... mmap resumed>) = 0x20000000 [pid 6070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6071] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6071] <... futex resumed>) = 0 [pid 6070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6071] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6072 attached [pid 6072] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6070] <... clone3 resumed> => {parent_tid=[6072]}, 88) = 6072 [pid 6072] <... rseq resumed>) = 0 [pid 6072] set_robust_list(0x7f50e61579a0, 24 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] <... set_robust_list resumed>) = 0 [pid 6070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] <... futex resumed>) = 0 [pid 6070] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6072] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6070] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6071] read(6, [pid 6070] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6070] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6070] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6072] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20072000} --- [pid 6071] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 237440 [pid 6070] <... futex resumed>) = ? [pid 6071] +++ killed by SIGBUS +++ [pid 6072] +++ killed by SIGBUS +++ [pid 6070] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6070, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./328/binderfs") = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6073 attached , child_tidptr=0x55555720b690) = 6073 [pid 6073] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6073] chdir("./329") = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6073] setpgid(0, 0) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6073] write(3, "1000", 4) = 4 [pid 6073] close(3) = 0 [pid 6073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6073] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6074 attached [pid 6074] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6074] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6073] <... clone3 resumed> => {parent_tid=[6074]}, 88) = 6074 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6074] memfd_create("syzkaller", 0 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6074] <... memfd_create resumed>) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6074] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] mkdir("./file0", 0777) = 0 [pid 6074] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./file0") = 0 [pid 6074] ioctl(4, LOOP_CLR_FD) = 0 [pid 6074] close(4) = 0 [pid 6074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] <... open resumed>) = 4 [pid 6074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] <... futex resumed>) = 0 [pid 6074] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] <... open resumed>) = 5 [ 316.002042][ T6074] loop0: detected capacity change from 0 to 2048 [ 316.029364][ T6074] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 316.041816][ T6074] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6074] ftruncate(5, 33587199 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] <... ftruncate resumed>) = 0 [pid 6074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] <... futex resumed>) = 0 [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6074] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6073] <... futex resumed>) = 1 [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6073] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6073] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6074] <... mmap resumed>) = 0x20000000 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6074] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6075 attached [pid 6075] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6073] <... clone3 resumed> => {parent_tid=[6075]}, 88) = 6075 [pid 6075] <... rseq resumed>) = 0 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6075] set_robust_list(0x7f50e61579a0, 24 [pid 6074] <... futex resumed>) = 0 [pid 6075] <... set_robust_list resumed>) = 0 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6075] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6073] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6075] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6075] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6073] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6074] read(6, [pid 6073] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6073] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6073] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6075] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 6074] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 6073] <... futex resumed>) = ? [pid 6074] +++ killed by SIGBUS +++ [pid 6075] +++ killed by SIGBUS +++ [pid 6073] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6073, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./329/binderfs") = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6076 attached , child_tidptr=0x55555720b690) = 6076 [pid 6076] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6076] chdir("./330") = 0 [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6076] setpgid(0, 0) = 0 [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6076] write(3, "1000", 4) = 4 [pid 6076] close(3) = 0 [pid 6076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6076] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6077 attached [pid 6077] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6076] <... clone3 resumed> => {parent_tid=[6077]}, 88) = 6077 [pid 6077] <... rseq resumed>) = 0 [pid 6077] set_robust_list(0x7f50e61789a0, 24 [pid 6076] rt_sigprocmask(SIG_SETMASK, [], [pid 6077] <... set_robust_list resumed>) = 0 [pid 6076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] <... futex resumed>) = 0 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6077] memfd_create("syzkaller", 0) = 3 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6077] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6077] close(3) = 0 [pid 6077] mkdir("./file0", 0777) = 0 [ 316.710013][ T6077] loop0: detected capacity change from 0 to 2048 [ 316.740549][ T6077] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [pid 6077] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./file0") = 0 [pid 6077] ioctl(4, LOOP_CLR_FD) = 0 [pid 6077] close(4) = 0 [pid 6077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6076] <... futex resumed>) = 0 [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 316.752879][ T6077] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = 0 [pid 6077] <... futex resumed>) = 1 [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] <... open resumed>) = 5 [pid 6077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] <... futex resumed>) = 0 [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] ftruncate(5, 33587199 [pid 6076] <... futex resumed>) = 1 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] <... ftruncate resumed>) = 0 [pid 6077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6076] <... futex resumed>) = 0 [pid 6077] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6077] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6076] <... futex resumed>) = 0 [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6076] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6076] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6076] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6077] <... mmap resumed>) = 0x20000000 [pid 6077] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6078 attached [pid 6078] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6076] <... clone3 resumed> => {parent_tid=[6078]}, 88) = 6078 [pid 6078] set_robust_list(0x7f50e61579a0, 24 [pid 6076] rt_sigprocmask(SIG_SETMASK, [], [pid 6078] <... set_robust_list resumed>) = 0 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6078] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6076] <... futex resumed>) = 0 [pid 6078] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6077] read(6, [pid 6076] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6076] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6076] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6078] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20070000} --- [pid 6077] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 245632 [pid 6076] <... futex resumed>) = ? [pid 6078] +++ killed by SIGBUS +++ [pid 6077] +++ killed by SIGBUS +++ [pid 6076] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6076, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./330/binderfs") = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6079 attached , child_tidptr=0x55555720b690) = 6079 [pid 6079] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6079] chdir("./331") = 0 [pid 6079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6079] setpgid(0, 0) = 0 [pid 6079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6079] write(3, "1000", 4) = 4 [pid 6079] close(3) = 0 [pid 6079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6079] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6080] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6079] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] rt_sigprocmask(SIG_SETMASK, [], [pid 6080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6080] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6080] memfd_create("syzkaller", 0) = 3 [pid 6080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6080] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6080] close(3) = 0 [pid 6080] mkdir("./file0", 0777) = 0 [pid 6080] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6080] chdir("./file0") = 0 [pid 6080] ioctl(4, LOOP_CLR_FD) = 0 [pid 6080] close(4) = 0 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] <... futex resumed>) = 0 [ 317.459962][ T6080] loop0: detected capacity change from 0 to 2048 [ 317.476854][ T6080] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 317.489028][ T6080] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6080] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... open resumed>) = 4 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6080] <... futex resumed>) = 1 [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] ftruncate(5, 33587199 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... ftruncate resumed>) = 0 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... mmap resumed>) = 0x20000000 [pid 6079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6079] <... futex resumed>) = 1 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6080] <... futex resumed>) = 1 [pid 6079] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] read(6, [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6079] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6079] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6079] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6081 attached [pid 6081] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6079] <... clone3 resumed> => {parent_tid=[6081]}, 88) = 6081 [pid 6081] <... rseq resumed>) = 0 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] set_robust_list(0x7f50e61579a0, 24 [pid 6079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] <... set_robust_list resumed>) = 0 [pid 6079] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] <... futex resumed>) = 0 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6081] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006b000} --- [pid 6080] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 266112 [pid 6080] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6079] <... futex resumed>) = ? [pid 6081] +++ killed by SIGBUS +++ [pid 6080] +++ killed by SIGBUS +++ [pid 6079] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6079, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./331/binderfs") = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6082 attached [pid 6082] set_robust_list(0x55555720b6a0, 24 [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6082 [pid 6082] <... set_robust_list resumed>) = 0 [pid 6082] chdir("./332") = 0 [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6082] setpgid(0, 0) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6082] write(3, "1000", 4) = 4 [pid 6082] close(3) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6082] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6083 attached [pid 6083] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6082] <... clone3 resumed> => {parent_tid=[6083]}, 88) = 6083 [pid 6083] <... rseq resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] set_robust_list(0x7f50e61789a0, 24 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] <... set_robust_list resumed>) = 0 [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] <... futex resumed>) = 0 [pid 6083] memfd_create("syzkaller", 0 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] <... memfd_create resumed>) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6083] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] mkdir("./file0", 0777) = 0 [pid 6083] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file0") = 0 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... futex resumed>) = 0 [ 318.153517][ T6083] loop0: detected capacity change from 0 to 2048 [ 318.170195][ T6083] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 318.182575][ T6083] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6083] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 4 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6083] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 5 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6083] ftruncate(5, 33587199 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... ftruncate resumed>) = 0 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] <... futex resumed>) = 0 [pid 6083] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6082] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6082] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6083] <... mmap resumed>) = 0x20000000 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6084 attached [pid 6083] <... futex resumed>) = 0 [pid 6082] <... clone3 resumed> => {parent_tid=[6084]}, 88) = 6084 [pid 6084] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... rseq resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] set_robust_list(0x7f50e61579a0, 24 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] <... set_robust_list resumed>) = 0 [pid 6082] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] <... futex resumed>) = 0 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6084] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6084] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] read(6, [pid 6082] <... futex resumed>) = 1 [pid 6082] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6082] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6082] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6084] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20071000} --- [pid 6083] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 241536 [pid 6083] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6082] <... futex resumed>) = ? [pid 6084] +++ killed by SIGBUS +++ [pid 6083] +++ killed by SIGBUS +++ [pid 6082] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6082, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./332/binderfs") = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6085 attached , child_tidptr=0x55555720b690) = 6085 [pid 6085] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6085] chdir("./333") = 0 [pid 6085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6085] setpgid(0, 0) = 0 [pid 6085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6085] write(3, "1000", 4) = 4 [pid 6085] close(3) = 0 [pid 6085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6085] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6086 attached [pid 6086] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6085] <... clone3 resumed> => {parent_tid=[6086]}, 88) = 6086 [pid 6086] <... rseq resumed>) = 0 [pid 6086] set_robust_list(0x7f50e61789a0, 24 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], [pid 6086] <... set_robust_list resumed>) = 0 [pid 6085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6086] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] <... futex resumed>) = 0 [pid 6086] memfd_create("syzkaller", 0 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6086] <... memfd_create resumed>) = 3 [pid 6086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6086] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6086] close(3) = 0 [pid 6086] mkdir("./file0", 0777) = 0 [pid 6086] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6086] chdir("./file0") = 0 [pid 6086] ioctl(4, LOOP_CLR_FD) = 0 [pid 6086] close(4) = 0 [pid 6086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6085] <... futex resumed>) = 0 [pid 6086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6085] <... futex resumed>) = 0 [pid 6086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 318.938401][ T6086] loop0: detected capacity change from 0 to 2048 [ 318.963543][ T6086] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 318.975601][ T6086] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... open resumed>) = 4 [pid 6086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6085] <... futex resumed>) = 0 [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6085] <... futex resumed>) = 1 [pid 6086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... open resumed>) = 5 [pid 6086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6085] <... futex resumed>) = 0 [pid 6086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6085] <... futex resumed>) = 0 [pid 6086] ftruncate(5, 33587199 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... ftruncate resumed>) = 0 [pid 6086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... futex resumed>) = 0 [pid 6086] <... futex resumed>) = 1 [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6085] <... futex resumed>) = 0 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6085] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6086] <... mmap resumed>) = 0x20000000 [pid 6085] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6086] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... mprotect resumed>) = 0 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6087 attached [pid 6087] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6085] <... clone3 resumed> => {parent_tid=[6087]}, 88) = 6087 [pid 6087] <... rseq resumed>) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] set_robust_list(0x7f50e61579a0, 24 [pid 6085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] <... set_robust_list resumed>) = 0 [pid 6085] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] <... futex resumed>) = 0 [pid 6087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6087] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6085] <... futex resumed>) = 0 [pid 6087] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6085] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] read(6, [pid 6085] <... futex resumed>) = 1 [pid 6085] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6085] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6085] <... futex resumed>) = 1 [pid 6085] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6087] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006d000} --- [pid 6086] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 257920 [pid 6085] <... futex resumed>) = ? [pid 6087] +++ killed by SIGBUS +++ [pid 6086] +++ killed by SIGBUS +++ [pid 6085] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6085, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./333/binderfs") = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6088 attached , child_tidptr=0x55555720b690) = 6088 [pid 6088] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6088] chdir("./334") = 0 [pid 6088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6088] setpgid(0, 0) = 0 [pid 6088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6088] write(3, "1000", 4) = 4 [pid 6088] close(3) = 0 [pid 6088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6088] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6089 attached [pid 6089] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6089] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6088] <... clone3 resumed> => {parent_tid=[6089]}, 88) = 6089 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6088] <... futex resumed>) = 1 [pid 6089] memfd_create("syzkaller", 0 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6089] <... memfd_create resumed>) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6089] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6089] close(3) = 0 [pid 6089] mkdir("./file0", 0777) = 0 [pid 6089] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./file0") = 0 [pid 6089] ioctl(4, LOOP_CLR_FD) = 0 [pid 6089] close(4) = 0 [pid 6089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... open resumed>) = 4 [ 319.633686][ T6089] loop0: detected capacity change from 0 to 2048 [ 319.649721][ T6089] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 319.661675][ T6089] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6088] <... futex resumed>) = 0 [pid 6089] <... open resumed>) = 5 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6089] ftruncate(5, 33587199 [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... ftruncate resumed>) = 0 [pid 6089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6089] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6088] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6088] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6089] <... mmap resumed>) = 0x20000000 [pid 6089] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6089] <... futex resumed>) = 0 [pid 6089] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} => {parent_tid=[6090]}, 88) = 6090 ./strace-static-x86_64: Process 6090 attached [pid 6088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6090] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6090] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6090] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6090] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6088] <... futex resumed>) = 1 [pid 6089] read(6, [pid 6088] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6088] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6088] <... futex resumed>) = 1 [pid 6088] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6090] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20073000} --- [pid 6089] <... read resumed> ) = ? [pid 6088] <... futex resumed>) = ? [pid 6089] +++ killed by SIGBUS +++ [pid 6090] +++ killed by SIGBUS +++ [pid 6088] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6088, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./334/binderfs") = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6091 attached , child_tidptr=0x55555720b690) = 6091 [pid 6091] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6091] chdir("./335") = 0 [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6091] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6091] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6091] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] <... rseq resumed>) = 0 [pid 6092] set_robust_list(0x7f50e61789a0, 24 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] <... set_robust_list resumed>) = 0 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] <... futex resumed>) = 0 [pid 6092] memfd_create("syzkaller", 0 [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6092] <... memfd_create resumed>) = 3 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6092] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] close(3) = 0 [pid 6092] mkdir("./file0", 0777) = 0 [pid 6092] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./file0") = 0 [pid 6092] ioctl(4, LOOP_CLR_FD) = 0 [pid 6092] close(4) = 0 [pid 6092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6091] <... futex resumed>) = 0 [ 320.463191][ T6092] loop0: detected capacity change from 0 to 2048 [ 320.488019][ T6092] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 320.500044][ T6092] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... open resumed>) = 4 [pid 6092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] ftruncate(5, 33587199 [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... ftruncate resumed>) = 0 [pid 6092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6091] <... futex resumed>) = 0 [pid 6092] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6091] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6093 attached [pid 6093] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6091] <... clone3 resumed> => {parent_tid=[6093]}, 88) = 6093 [pid 6093] <... rseq resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6091] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] openat(AT_FDCWD, "/dev/full", O_RDONLY [pid 6092] <... mmap resumed>) = 0x20000000 [pid 6093] <... openat resumed>) = 6 [pid 6093] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6093] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6091] <... futex resumed>) = 0 [pid 6093] read(6, [pid 6091] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = 0 [pid 6091] <... futex resumed>) = 1 [pid 6091] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6093] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 216960 [pid 6092] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20076000} --- [pid 6093] +++ killed by SIGBUS +++ [pid 6091] <... futex resumed>) = ? [pid 6092] +++ killed by SIGBUS +++ [pid 6091] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6091, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./335/binderfs") = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6094] chdir("./336" [pid 5062] <... clone resumed>, child_tidptr=0x55555720b690) = 6094 [pid 6094] <... chdir resumed>) = 0 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6094] write(3, "1000", 4) = 4 [pid 6094] close(3) = 0 [pid 6094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6094] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6094] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6095 attached [pid 6095] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6094] <... clone3 resumed> => {parent_tid=[6095]}, 88) = 6095 [pid 6095] set_robust_list(0x7f50e61789a0, 24 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], [pid 6095] <... set_robust_list resumed>) = 0 [pid 6094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] <... futex resumed>) = 0 [pid 6095] memfd_create("syzkaller", 0 [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6095] <... memfd_create resumed>) = 3 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6095] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6095] close(3) = 0 [pid 6095] mkdir("./file0", 0777) = 0 [pid 6095] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6095] chdir("./file0") = 0 [pid 6095] ioctl(4, LOOP_CLR_FD) = 0 [pid 6095] close(4) = 0 [pid 6095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6095] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] <... futex resumed>) = 0 [pid 6095] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6095] <... futex resumed>) = 1 [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6095] ftruncate(5, 33587199 [ 321.165246][ T6095] loop0: detected capacity change from 0 to 2048 [ 321.179953][ T6095] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 321.192337][ T6095] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] <... ftruncate resumed>) = 0 [pid 6095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6095] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6094] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6094] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6094] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6095] <... mmap resumed>) = 0x20000000 [pid 6095] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6096 attached => {parent_tid=[6096]}, 88) = 6096 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], [pid 6096] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6096] <... rseq resumed>) = 0 [pid 6094] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] set_robust_list(0x7f50e61579a0, 24) = 0 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6096] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6096] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6095] read(6, [pid 6094] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6094] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6094] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6096] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20078000} --- [pid 6095] <... read resumed>"\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967068) = 212864 [pid 6094] <... futex resumed>) = ? [pid 6095] +++ killed by SIGBUS +++ [pid 6096] +++ killed by SIGBUS +++ [pid 6094] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6094, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./336/binderfs") = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6097 attached , child_tidptr=0x55555720b690) = 6097 [pid 6097] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6097] chdir("./337") = 0 [pid 6097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6097] setpgid(0, 0) = 0 [pid 6097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6097] write(3, "1000", 4) = 4 [pid 6097] close(3) = 0 [pid 6097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6097] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6097] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6098 attached [pid 6098] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053) = 0 [pid 6097] <... clone3 resumed> => {parent_tid=[6098]}, 88) = 6098 [pid 6098] set_robust_list(0x7f50e61789a0, 24 [pid 6097] rt_sigprocmask(SIG_SETMASK, [], [pid 6098] <... set_robust_list resumed>) = 0 [pid 6097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] <... futex resumed>) = 0 [pid 6098] memfd_create("syzkaller", 0 [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6098] <... memfd_create resumed>) = 3 [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6098] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6098] close(3) = 0 [pid 6098] mkdir("./file0", 0777) = 0 [pid 6098] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6098] chdir("./file0") = 0 [pid 6098] ioctl(4, LOOP_CLR_FD) = 0 [pid 6098] close(4) = 0 [pid 6098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] <... futex resumed>) = 0 [pid 6098] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6097] <... futex resumed>) = 0 [pid 6098] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] <... open resumed>) = 4 [pid 6098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] <... futex resumed>) = 0 [pid 6098] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... open resumed>) = 5 [pid 6098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6098] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... futex resumed>) = 1 [ 321.870790][ T6098] loop0: detected capacity change from 0 to 2048 [ 321.888739][ T6098] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 321.900874][ T6098] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] <... futex resumed>) = 0 [pid 6098] ftruncate(5, 33587199) = 0 [pid 6098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6098] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6097] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6097] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE [pid 6098] <... mmap resumed>) = 0x20000000 [pid 6097] <... mprotect resumed>) = 0 [pid 6098] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6098] <... futex resumed>) = 0 [pid 6097] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0}./strace-static-x86_64: Process 6099 attached [pid 6099] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6097] <... clone3 resumed> => {parent_tid=[6099]}, 88) = 6099 [pid 6099] set_robust_list(0x7f50e61579a0, 24 [pid 6098] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] rt_sigprocmask(SIG_SETMASK, [], [pid 6099] <... set_robust_list resumed>) = 0 [pid 6097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6097] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6099] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6098] read(6, [pid 6097] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6097] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6099] <... futex resumed>) = 0 [pid 6099] memfd_create("syzkaller", 0) = 7 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd37000 [pid 6099] write(7, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6099] munmap(0x7f50ddd37000, 138412032) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 6099] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 6099] ioctl(8, LOOP_CLR_FD) = 0 [pid 6099] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 6099] close(8) = 0 [pid 6099] close(7) = 0 [pid 6099] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6097] <... futex resumed>) = 0 [pid 6097] exit_group(0 [pid 6099] <... futex resumed>) = ? [pid 6097] <... exit_group resumed>) = ? [pid 6099] +++ exited with 0 +++ [pid 6098] <... read resumed> ) = ? [pid 6098] +++ exited with 0 +++ [pid 6097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6097, si_uid=0, si_status=0, si_utime=0, si_stime=55 /* 0.55 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./337/binderfs") = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6100 attached , child_tidptr=0x55555720b690) = 6100 [pid 6100] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6100] chdir("./338") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6100] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6100] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6101 attached => {parent_tid=[6101]}, 88) = 6101 [pid 6101] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6101] <... rseq resumed>) = 0 [pid 6101] set_robust_list(0x7f50e61789a0, 24) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6101] memfd_create("syzkaller", 0) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6101] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6101] close(3) = 0 [pid 6101] mkdir("./file0", 0777) = 0 [pid 6101] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6101] chdir("./file0") = 0 [pid 6101] ioctl(4, LOOP_CLR_FD) = 0 [pid 6101] close(4) = 0 [pid 6101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6101] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 4 [ 323.254762][ T6101] loop0: detected capacity change from 0 to 2048 [ 323.272672][ T6101] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 323.284809][ T6101] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 5 [pid 6101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6101] ftruncate(5, 33587199 [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... ftruncate resumed>) = 0 [pid 6101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6100] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6100] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6101] <... mmap resumed>) = 0x20000000 [pid 6100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6101] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6102 attached [pid 6102] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053 [pid 6100] <... clone3 resumed> => {parent_tid=[6102]}, 88) = 6102 [pid 6102] <... rseq resumed>) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] set_robust_list(0x7f50e61579a0, 24 [pid 6100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] <... set_robust_list resumed>) = 0 [pid 6100] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6102] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6102] <... futex resumed>) = 1 [pid 6100] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... futex resumed>) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6101] read(6, [pid 6100] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6100] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6100] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6102] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2006f000} --- [pid 6101] <... read resumed> ) = ? [pid 6100] <... futex resumed>) = ? [pid 6102] +++ killed by SIGBUS +++ [pid 6101] +++ killed by SIGBUS +++ [pid 6100] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6100, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555720c730 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./338/binderfs") = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557214770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557214770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file0") = 0 getdents64(3, 0x55555720c730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6103 attached , child_tidptr=0x55555720b690) = 6103 [pid 6103] set_robust_list(0x55555720b6a0, 24) = 0 [pid 6103] chdir("./339") = 0 [pid 6103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6103] setpgid(0, 0) = 0 [pid 6103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6103] write(3, "1000", 4) = 4 [pid 6103] close(3) = 0 [pid 6103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6103] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] rt_sigaction(SIGRT_1, {sa_handler=0x7f50e61e2270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f50e61d3420}, NULL, 8) = 0 [pid 6103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6158000 [pid 6103] mprotect(0x7f50e6159000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6178990, parent_tid=0x7f50e6178990, exit_signal=0, stack=0x7f50e6158000, stack_size=0x20300, tls=0x7f50e61786c0}./strace-static-x86_64: Process 6104 attached => {parent_tid=[6104]}, 88) = 6104 [pid 6104] rseq(0x7f50e6178fe0, 0x20, 0, 0x53053053 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] <... rseq resumed>) = 0 [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] set_robust_list(0x7f50e61789a0, 24 [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... set_robust_list resumed>) = 0 [pid 6103] <... futex resumed>) = 0 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] memfd_create("syzkaller", 0) = 3 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50ddd58000 [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6104] munmap(0x7f50ddd58000, 138412032) = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6104] close(3) = 0 [pid 6104] mkdir("./file0", 0777) = 0 [pid 6104] mount("/dev/loop0", "./file0", "udf", MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_LAZYTIME, "uid=ignore,noadinicb,novrs,iocharset=iso8859-1,uid=forget,iocharset=koi8-u,mode=00000000000000000002"...) = 0 [pid 6104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6104] chdir("./file0") = 0 [pid 6104] ioctl(4, LOOP_CLR_FD) = 0 [pid 6104] close(4) = 0 [pid 6104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 6104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 323.974845][ T6104] loop0: detected capacity change from 0 to 2048 [ 323.990140][ T6104] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 324.002062][ T6104] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6104] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6104] ftruncate(5, 33587199 [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... ftruncate resumed>) = 0 [pid 6104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6103] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6103] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f50e6137000 [pid 6103] mprotect(0x7f50e6138000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6104] <... mmap resumed>) = 0x20000000 [pid 6103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6104] futex(0x7f50e62636cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f50e6157990, parent_tid=0x7f50e6157990, exit_signal=0, stack=0x7f50e6137000, stack_size=0x20300, tls=0x7f50e61576c0} [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f50e62636c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6105 attached [pid 6105] rseq(0x7f50e6157fe0, 0x20, 0, 0x53053053) = 0 [pid 6105] set_robust_list(0x7f50e61579a0, 24 [pid 6103] <... clone3 resumed> => {parent_tid=[6105]}, 88) = 6105 [pid 6105] <... set_robust_list resumed>) = 0 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6105] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6103] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6103] futex(0x7f50e62636dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] openat(AT_FDCWD, "/dev/full", O_RDONLY) = 6 [pid 6105] futex(0x7f50e62636dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] futex(0x7f50e62636d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f50e62636c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] read(6, [pid 6103] <... futex resumed>) = 1 [pid 6103] futex(0x7f50e62636cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6103] futex(0x7f50e62636d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [ 324.370728][ T6105] ------------[ cut here ]------------ [ 324.376454][ T6105] WARNING: CPU: 0 PID: 6105 at fs/udf/truncate.c:204 udf_truncate_extents+0x776/0xa00 [ 324.386404][ T6105] Modules linked in: [ 324.390312][ T6105] CPU: 0 PID: 6105 Comm: syz-executor377 Not tainted 6.7.0-rc3-syzkaller #0 [ 324.399015][ T6105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 324.409200][ T6105] RIP: 0010:udf_truncate_extents+0x776/0xa00 [ 324.415246][ T6105] Code: 01 00 00 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 8f de 93 fe 31 ff 4c 89 ee e8 15 da 93 fe 4d 85 ed 74 8a e8 7b de 93 fe 90 <0f> 0b 90 e9 7c ff ff ff c7 44 24 48 08 00 00 00 e9 61 fa ff ff e8 [ 324.434914][ T6105] RSP: 0000:ffffc90004567270 EFLAGS: 00010293 [ 324.441040][ T6105] RAX: 0000000000000000 RBX: ffff88806f855398 RCX: ffffffff82f2a1db [ 324.449014][ T6105] RDX: ffff88802822c200 RSI: ffffffff82f2a1e5 RDI: 0000000000000007 [ 324.457206][ T6105] RBP: ffff88807e7a4000 R08: 0000000000000007 R09: 0000000000000000 [ 324.465222][ T6105] R10: 0000000001f8c3ff R11: 0000000000000004 R12: 00000000000000ff [ 324.473276][ T6105] R13: 0000000001f8c3ff R14: ffffc90004567320 R15: ffffc90004567360 [ 324.481291][ T6105] FS: 00007f50e61576c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 324.490247][ T6105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 324.496893][ T6105] CR2: 000000002007c000 CR3: 000000001d38f000 CR4: 00000000003506f0 [ 324.504924][ T6105] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 324.512967][ T6105] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 324.520971][ T6105] Call Trace: [ 324.524241][ T6105] [ 324.527158][ T6105] ? show_regs+0x8f/0xa0 [ 324.531468][ T6105] ? __warn+0xe6/0x390 [ 324.535571][ T6105] ? udf_truncate_extents+0x776/0xa00 [ 324.540986][ T6105] ? report_bug+0x3bc/0x580 [ 324.545578][ T6105] ? handle_bug+0x3d/0x70 [ 324.549922][ T6105] ? exc_invalid_op+0x17/0x40 [ 324.554651][ T6105] ? asm_exc_invalid_op+0x1a/0x20 [ 324.559774][ T6105] ? udf_truncate_extents+0x76b/0xa00 [ 324.565202][ T6105] ? udf_truncate_extents+0x775/0xa00 [ 324.570610][ T6105] ? udf_truncate_extents+0x776/0xa00 [ 324.575997][ T6105] ? udf_discard_prealloc+0x4f0/0x4f0 [ 324.581402][ T6105] ? find_held_lock+0x2d/0x110 [ 324.585566][ T27] audit: type=1400 audit(1701155019.806:93): avc: denied { rename } for pid=4494 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 324.586196][ T6105] ? udf_do_extend_file+0x4f8/0x8f0 [ 324.609260][ T27] audit: type=1400 audit(1701155019.806:94): avc: denied { unlink } for pid=4494 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 324.613477][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 324.613516][ T6105] ? spin_bug+0x1d0/0x1d0 [ 324.645290][ T6105] ? udf_write_aext+0x5af/0x8e0 [ 324.645308][ T27] audit: type=1400 audit(1701155019.806:95): avc: denied { create } for pid=4494 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 324.650143][ T6105] udf_do_extend_file+0x500/0x8f0 [ 324.675790][ T6105] ? udf_next_aext+0x460/0x460 [ 324.680601][ T6105] ? udf_next_aext+0x2ea/0x460 [ 324.685386][ T6105] inode_getblk+0xf99/0x3e30 [ 324.690073][ T6105] ? arch_stack_walk+0x112/0x170 [ 324.695046][ T6105] ? udf_delete_aext+0xcf0/0xcf0 [ 324.700002][ T6105] ? __lock_acquire+0x14f0/0x3b20 [ 324.705096][ T6105] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 324.711140][ T6105] ? create_empty_buffers+0x36/0x480 [ 324.716474][ T6105] ? folio_create_buffers+0x105/0x140 [ 324.721879][ T6105] ? lock_acquire+0x1ae/0x520 [ 324.726576][ T6105] ? find_held_lock+0x2d/0x110 [ 324.731379][ T6105] ? spin_bug+0x1d0/0x1d0 [ 324.735802][ T6105] ? preempt_count_sub+0x160/0x160 [ 324.741045][ T6105] udf_map_block+0x2de/0x570 [ 324.745665][ T6105] ? inode_bmap+0x7b0/0x7b0 [ 324.750209][ T6105] ? lock_acquire+0x1ae/0x520 [ 324.754925][ T6105] ? find_held_lock+0x2d/0x110 [ 324.759709][ T6105] ? create_empty_buffers+0x3a5/0x480 [ 324.765129][ T6105] ? reacquire_held_locks+0x4c0/0x4c0 [ 324.770563][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 324.775589][ T6105] __udf_get_block+0x99/0x330 [ 324.780272][ T6105] ? udf_map_block+0x570/0x570 [ 324.785102][ T6105] ? _raw_spin_unlock+0x28/0x40 [ 324.790032][ T6105] ? create_empty_buffers+0x3a5/0x480 [ 324.795455][ T6105] ? udf_get_block_wb+0x30/0x30 [ 324.800322][ T6105] __block_write_begin_int+0x3c0/0x1560 [ 324.805910][ T6105] ? udf_get_block_wb+0x30/0x30 [ 324.810796][ T6105] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 324.816336][ T6105] ? preempt_count_sub+0x160/0x160 [ 324.821491][ T6105] udf_page_mkwrite+0x48b/0xaf0 [ 324.826358][ T6105] do_page_mkwrite+0x17a/0x380 [ 324.831190][ T6105] do_wp_page+0xaa9/0x36b0 [ 324.835623][ T6105] ? lock_sync+0x190/0x190 [ 324.840038][ T6105] ? vm_normal_page+0x270/0x270 [ 324.844928][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 324.849975][ T6105] ? spin_bug+0x1d0/0x1d0 [ 324.854347][ T6105] __handle_mm_fault+0x1d7d/0x3d70 [ 324.859476][ T6105] ? vm_iomap_memory+0x170/0x170 [ 324.864454][ T6105] ? lock_mm_and_find_vma+0x580/0x580 [ 324.869845][ T6105] handle_mm_fault+0x47a/0xa10 [ 324.874649][ T6105] do_user_addr_fault+0x30b/0x1000 [ 324.879782][ T6105] ? irqentry_enter_from_user_mode+0x5f/0xc0 [ 324.885815][ T6105] exc_page_fault+0x5d/0xc0 [ 324.890338][ T6105] asm_exc_page_fault+0x26/0x30 [ 324.895233][ T6105] RIP: 0033:0x7f50e61a080a [ 324.899667][ T6105] Code: 00 01 00 00 00 74 9a 83 f9 c0 0f 87 8c fe ff ff c5 fe 6f 4e 20 48 29 fe 48 83 c7 3f 49 8d 0c 10 48 83 e7 c0 48 01 fe 48 29 f9 a4 c4 c1 7e 7f 00 c4 c1 7e 7f 48 20 e9 0b fd ff ff 0f 1f 40 00 [ 324.919344][ T6105] RSP: 002b:00007f50e6157218 EFLAGS: 00010202 [ 324.925476][ T6105] RAX: 000000002005d540 RBX: 00007f50e62636d8 RCX: 00000000000006d7 [ 324.933517][ T6105] RDX: 000000000001f197 RSI: 00007f50e622f778 RDI: 000000002007c000 [ 324.941557][ T6105] RBP: 00007f50e62636d0 R08: 000000002005d540 R09: 00007f50e6156fa8 [ 324.949634][ T6105] R10: 0000000000000000 R11: 0000000000000001 R12: 00007f50e622fe50 [ 324.957680][ T6105] R13: 00007f50e6210073 R14: 0030656c69662f2e R15: 00007f50e6210cb8 [ 324.965689][ T6105] [ 324.968700][ T6105] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 324.975969][ T6105] CPU: 0 PID: 6105 Comm: syz-executor377 Not tainted 6.7.0-rc3-syzkaller #0 [ 324.984638][ T6105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 324.994691][ T6105] Call Trace: [ 324.997976][ T6105] [ 325.000920][ T6105] dump_stack_lvl+0xd9/0x1b0 [ 325.005506][ T6105] panic+0x6dc/0x790 [ 325.009399][ T6105] ? panic_smp_self_stop+0xa0/0xa0 [ 325.014536][ T6105] ? show_trace_log_lvl+0x363/0x4f0 [ 325.019742][ T6105] ? check_panic_on_warn+0x1f/0xb0 [ 325.024857][ T6105] ? udf_truncate_extents+0x776/0xa00 [ 325.030230][ T6105] check_panic_on_warn+0xab/0xb0 [ 325.035173][ T6105] __warn+0xf2/0x390 [ 325.039071][ T6105] ? udf_truncate_extents+0x776/0xa00 [ 325.044451][ T6105] report_bug+0x3bc/0x580 [ 325.048867][ T6105] handle_bug+0x3d/0x70 [ 325.053022][ T6105] exc_invalid_op+0x17/0x40 [ 325.057537][ T6105] asm_exc_invalid_op+0x1a/0x20 [ 325.062409][ T6105] RIP: 0010:udf_truncate_extents+0x776/0xa00 [ 325.068408][ T6105] Code: 01 00 00 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 8f de 93 fe 31 ff 4c 89 ee e8 15 da 93 fe 4d 85 ed 74 8a e8 7b de 93 fe 90 <0f> 0b 90 e9 7c ff ff ff c7 44 24 48 08 00 00 00 e9 61 fa ff ff e8 [ 325.088194][ T6105] RSP: 0000:ffffc90004567270 EFLAGS: 00010293 [ 325.094261][ T6105] RAX: 0000000000000000 RBX: ffff88806f855398 RCX: ffffffff82f2a1db [ 325.102241][ T6105] RDX: ffff88802822c200 RSI: ffffffff82f2a1e5 RDI: 0000000000000007 [ 325.110218][ T6105] RBP: ffff88807e7a4000 R08: 0000000000000007 R09: 0000000000000000 [ 325.118204][ T6105] R10: 0000000001f8c3ff R11: 0000000000000004 R12: 00000000000000ff [ 325.126188][ T6105] R13: 0000000001f8c3ff R14: ffffc90004567320 R15: ffffc90004567360 [ 325.134166][ T6105] ? udf_truncate_extents+0x76b/0xa00 [ 325.139548][ T6105] ? udf_truncate_extents+0x775/0xa00 [ 325.144940][ T6105] ? udf_discard_prealloc+0x4f0/0x4f0 [ 325.150315][ T6105] ? find_held_lock+0x2d/0x110 [ 325.155116][ T6105] ? udf_do_extend_file+0x4f8/0x8f0 [ 325.160314][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 325.165346][ T6105] ? spin_bug+0x1d0/0x1d0 [ 325.169705][ T6105] ? udf_write_aext+0x5af/0x8e0 [ 325.174568][ T6105] udf_do_extend_file+0x500/0x8f0 [ 325.179618][ T6105] ? udf_next_aext+0x460/0x460 [ 325.184384][ T6105] ? udf_next_aext+0x2ea/0x460 [ 325.189155][ T6105] inode_getblk+0xf99/0x3e30 [ 325.193749][ T6105] ? arch_stack_walk+0x112/0x170 [ 325.198686][ T6105] ? udf_delete_aext+0xcf0/0xcf0 [ 325.203625][ T6105] ? __lock_acquire+0x14f0/0x3b20 [ 325.208655][ T6105] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 325.214641][ T6105] ? create_empty_buffers+0x36/0x480 [ 325.219944][ T6105] ? folio_create_buffers+0x105/0x140 [ 325.225320][ T6105] ? lock_acquire+0x1ae/0x520 [ 325.230020][ T6105] ? find_held_lock+0x2d/0x110 [ 325.234786][ T6105] ? spin_bug+0x1d0/0x1d0 [ 325.239123][ T6105] ? preempt_count_sub+0x160/0x160 [ 325.244256][ T6105] udf_map_block+0x2de/0x570 [ 325.248851][ T6105] ? inode_bmap+0x7b0/0x7b0 [ 325.253442][ T6105] ? lock_acquire+0x1ae/0x520 [ 325.258124][ T6105] ? find_held_lock+0x2d/0x110 [ 325.262979][ T6105] ? create_empty_buffers+0x3a5/0x480 [ 325.268354][ T6105] ? reacquire_held_locks+0x4c0/0x4c0 [ 325.273743][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 325.278790][ T6105] __udf_get_block+0x99/0x330 [ 325.283470][ T6105] ? udf_map_block+0x570/0x570 [ 325.288236][ T6105] ? _raw_spin_unlock+0x28/0x40 [ 325.293083][ T6105] ? create_empty_buffers+0x3a5/0x480 [ 325.298464][ T6105] ? udf_get_block_wb+0x30/0x30 [ 325.303321][ T6105] __block_write_begin_int+0x3c0/0x1560 [ 325.308873][ T6105] ? udf_get_block_wb+0x30/0x30 [ 325.313742][ T6105] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 325.319316][ T6105] ? preempt_count_sub+0x160/0x160 [ 325.324447][ T6105] udf_page_mkwrite+0x48b/0xaf0 [ 325.329307][ T6105] do_page_mkwrite+0x17a/0x380 [ 325.334092][ T6105] do_wp_page+0xaa9/0x36b0 [ 325.338786][ T6105] ? lock_sync+0x190/0x190 [ 325.343227][ T6105] ? vm_normal_page+0x270/0x270 [ 325.348093][ T6105] ? do_raw_spin_lock+0x12e/0x2b0 [ 325.353147][ T6105] ? spin_bug+0x1d0/0x1d0 [ 325.357611][ T6105] __handle_mm_fault+0x1d7d/0x3d70 [ 325.363271][ T6105] ? vm_iomap_memory+0x170/0x170 [ 325.368230][ T6105] ? lock_mm_and_find_vma+0x580/0x580 [ 325.373617][ T6105] handle_mm_fault+0x47a/0xa10 [ 325.378393][ T6105] do_user_addr_fault+0x30b/0x1000 [ 325.383516][ T6105] ? irqentry_enter_from_user_mode+0x5f/0xc0 [ 325.389507][ T6105] exc_page_fault+0x5d/0xc0 [ 325.394021][ T6105] asm_exc_page_fault+0x26/0x30 [ 325.398893][ T6105] RIP: 0033:0x7f50e61a080a [ 325.403306][ T6105] Code: 00 01 00 00 00 74 9a 83 f9 c0 0f 87 8c fe ff ff c5 fe 6f 4e 20 48 29 fe 48 83 c7 3f 49 8d 0c 10 48 83 e7 c0 48 01 fe 48 29 f9 a4 c4 c1 7e 7f 00 c4 c1 7e 7f 48 20 e9 0b fd ff ff 0f 1f 40 00 [ 325.422915][ T6105] RSP: 002b:00007f50e6157218 EFLAGS: 00010202 [ 325.428991][ T6105] RAX: 000000002005d540 RBX: 00007f50e62636d8 RCX: 00000000000006d7 [ 325.436966][ T6105] RDX: 000000000001f197 RSI: 00007f50e622f778 RDI: 000000002007c000 [ 325.444938][ T6105] RBP: 00007f50e62636d0 R08: 000000002005d540 R09: 00007f50e6156fa8 [ 325.452910][ T6105] R10: 0000000000000000 R11: 0000000000000001 R12: 00007f50e622fe50 [ 325.460902][ T6105] R13: 00007f50e6210073 R14: 0030656c69662f2e R15: 00007f50e6210cb8 [ 325.468876][ T6105] [ 325.472135][ T6105] Kernel Offset: disabled [ 325.476552][ T6105] Rebooting in 86400 seconds..