./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor468492996
<...>
t(1713847880.622:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.172278][ T28] audit: type=1400 audit(1713847880.622:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.704012][ T228] sftp-server (228) used greatest stack depth: 22320 bytes left
Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts.
execve("./syz-executor468492996", ["./syz-executor468492996"], 0x7fff57be5120 /* 10 vars */) = 0
brk(NULL) = 0x555556cb7000
brk(0x555556cb7e00) = 0x555556cb7e00
arch_prctl(ARCH_SET_FS, 0x555556cb7480) = 0
set_tid_address(0x555556cb7750) = 294
set_robust_list(0x555556cb7760, 24) = 0
rseq(0x555556cb7da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor468492996", 4096) = 27
getrandom("\x0e\x8b\x66\x02\x7f\x1c\xfb\x25", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556cb7e00
brk(0x555556cd8e00) = 0x555556cd8e00
brk(0x555556cd9000) = 0x555556cd9000
mprotect(0x7fcf97e9b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 294
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "294", 3) = 3
close(3) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fcf97dded90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fcf97dded90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
mkdir("./syzkaller.Pgmg1U", 0700) = 0
chmod("./syzkaller.Pgmg1U", 0777) = 0
chdir("./syzkaller.Pgmg1U") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 296
./strace-static-x86_64: Process 296 attached
[pid 296] set_robust_list(0x555556cb7760, 24) = 0
[pid 296] chdir("./0") = 0
[pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 296] setpgid(0, 0) = 0
[pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "1000", 4) = 4
[pid 296] close(3) = 0
[pid 296] symlink("/dev/binderfs", "./binderfs") = 0
[pid 296] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 296] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[297]}, 88) = 297
[pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached
<unfinished ...>
[pid 297] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 297] memfd_create("syzkaller", 0) = 3
[pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 297] munmap(0x7fcf8f9b4000, 138412032) = 0
[ 22.319053][ T28] audit: type=1400 audit(1713847889.812:66): avc: denied { execmem } for pid=294 comm="syz-executor468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.338941][ T28] audit: type=1400 audit(1713847889.832:67): avc: denied { read write } for pid=294 comm="syz-executor468" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 297] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 297] close(3) = 0
[pid 297] close(4) = 0
[pid 297] mkdir("./file0", 0777) = 0
[ 22.364159][ T28] audit: type=1400 audit(1713847889.832:68): avc: denied { open } for pid=294 comm="syz-executor468" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 22.370394][ T297] loop0: detected capacity change from 0 to 2048
[pid 297] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 297] chdir("./file0") = 0
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 297] ioctl(4, LOOP_CLR_FD) = 0
[pid 297] close(4) = 0
[pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 296] <... futex resumed>) = 0
[pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 297] <... futex resumed>) = 1
[pid 297] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 296] <... futex resumed>) = 0
[pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 22.388631][ T28] audit: type=1400 audit(1713847889.832:69): avc: denied { ioctl } for pid=294 comm="syz-executor468" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 22.419839][ T28] audit: type=1400 audit(1713847889.902:70): avc: denied { mounton } for pid=296 comm="syz-executor468" path="/root/syzkaller.Pgmg1U/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 22.454100][ T297] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 297] <... futex resumed>) = 1
[pid 297] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 296] <... futex resumed>) = 0
[pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 297] <... futex resumed>) = 1
[pid 297] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 296] <... futex resumed>) = 0
[pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 296] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[301]}, 88) = 301
[pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 296] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 296] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 297] <... futex resumed>) = 1
[pid 297] write(4, 0x200000c0, 120) = 120
[pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 297] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 301 attached
<unfinished ...>
[pid 301] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 22.462621][ T28] audit: type=1400 audit(1713847889.962:71): avc: denied { mount } for pid=296 comm="syz-executor468" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 22.480452][ T301] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 22.485364][ T28] audit: type=1400 audit(1713847889.962:72): avc: denied { write } for pid=296 comm="syz-executor468" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 22.499356][ T301] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 22.520844][ T28] audit: type=1400 audit(1713847889.962:73): avc: denied { add_name } for pid=296 comm="syz-executor468" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 22.533060][ T301] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.533060][ T301]
[ 22.554200][ T28] audit: type=1400 audit(1713847889.962:74): avc: denied { create } for pid=296 comm="syz-executor468" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 22.584035][ T301] EXT4-fs (loop0): Total free blocks count 0
[ 22.584053][ T301] EXT4-fs (loop0): Free/Dirty block details
[ 22.584064][ T301] EXT4-fs (loop0): free_blocks=2415919104
[ 22.584076][ T301] EXT4-fs (loop0): dirty_blocks=16
[ 22.584087][ T301] EXT4-fs (loop0): Block reservation details
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 301] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 301] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 301] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 296] exit_group(0 <unfinished ...>
[pid 297] <... futex resumed>) = ?
[pid 296] <... exit_group resumed>) = ?
[pid 297] +++ exited with 0 +++
[pid 301] <... futex resumed>) = ?
[pid 301] +++ exited with 0 +++
[pid 296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=15} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 302
./strace-static-x86_64: Process 302 attached
[pid 302] set_robust_list(0x555556cb7760, 24) = 0
[pid 302] chdir("./1") = 0
[pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 302] setpgid(0, 0) = 0
[pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 302] write(3, "1000", 4) = 4
[pid 302] close(3) = 0
[pid 302] symlink("/dev/binderfs", "./binderfs") = 0
[pid 302] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 302] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[303]}, 88) = 303
[pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached
<unfinished ...>
[pid 303] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 303] memfd_create("syzkaller", 0) = 3
[pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 303] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.606116][ T28] audit: type=1400 audit(1713847889.962:75): avc: denied { read append open } for pid=296 comm="syz-executor468" path="/root/syzkaller.Pgmg1U/0/file0/pids.current" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 22.611955][ T301] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 22.649082][ T301] syz-executor468 (301) used greatest stack depth: 21832 bytes left
[ 22.657776][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 303] close(3) = 0
[pid 303] close(4) = 0
[pid 303] mkdir("./file0", 0777) = 0
[pid 303] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 303] chdir("./file0") = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_CLR_FD) = 0
[pid 303] close(4) = 0
[pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 302] <... futex resumed>) = 0
[pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 303] <... futex resumed>) = 1
[pid 303] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 302] <... futex resumed>) = 0
[pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 303] <... futex resumed>) = 1
[pid 303] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 302] <... futex resumed>) = 0
[pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 303] <... futex resumed>) = 1
[pid 303] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 302] <... futex resumed>) = 0
[pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 302] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[306]}, 88) = 306
[pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 302] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 302] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached
<unfinished ...>
[pid 303] <... futex resumed>) = 1
[pid 306] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 303] write(4, 0x200000c0, 120 <unfinished ...>
[pid 306] <... set_robust_list resumed>) = 0
[pid 303] <... write resumed>) = 120
[pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 303] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 22.687072][ T303] loop0: detected capacity change from 0 to 2048
[ 22.713738][ T303] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 22.729760][ T306] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 22.744917][ T306] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 22.757159][ T306] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.757159][ T306]
[ 22.766627][ T306] EXT4-fs (loop0): Total free blocks count 0
[ 22.772431][ T306] EXT4-fs (loop0): Free/Dirty block details
[ 22.778269][ T306] EXT4-fs (loop0): free_blocks=2415919104
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 306] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 306] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 306] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 302] exit_group(0 <unfinished ...>
[pid 306] <... futex resumed>) = ?
[pid 303] <... futex resumed>) = ?
[pid 302] <... exit_group resumed>) = ?
[pid 303] +++ exited with 0 +++
[pid 306] +++ exited with 0 +++
[pid 302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 307
./strace-static-x86_64: Process 307 attached
[pid 307] set_robust_list(0x555556cb7760, 24) = 0
[pid 307] chdir("./2") = 0
[pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 307] setpgid(0, 0) = 0
[pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 307] write(3, "1000", 4) = 4
[pid 307] close(3) = 0
[pid 307] symlink("/dev/binderfs", "./binderfs") = 0
[pid 307] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 307] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 308 attached
=> {parent_tid=[308]}, 88) = 308
[pid 308] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 308] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 308] <... futex resumed>) = 0
[pid 308] memfd_create("syzkaller", 0 <unfinished ...>
[pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 308] <... memfd_create resumed>) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 308] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.783855][ T306] EXT4-fs (loop0): dirty_blocks=16
[ 22.788751][ T306] EXT4-fs (loop0): Block reservation details
[ 22.794710][ T306] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 22.808467][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] close(4) = 0
[pid 308] mkdir("./file0", 0777) = 0
[pid 308] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file0") = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 307] <... futex resumed>) = 0
[pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 308] <... futex resumed>) = 1
[pid 308] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 307] <... futex resumed>) = 0
[pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 308] <... futex resumed>) = 1
[pid 308] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 307] <... futex resumed>) = 0
[pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 308] <... futex resumed>) = 1
[pid 308] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 307] <... futex resumed>) = 0
[pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 307] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[311]}, 88) = 311
./strace-static-x86_64: Process 311 attached
[pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 307] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 307] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 308] write(4, 0x200000c0, 120) = 120
[pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 308] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 311] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 22.839047][ T308] loop0: detected capacity change from 0 to 2048
[ 22.853883][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 22.871134][ T311] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 22.885928][ T311] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 22.897986][ T311] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.897986][ T311]
[ 22.907438][ T311] EXT4-fs (loop0): Total free blocks count 0
[ 22.913305][ T311] EXT4-fs (loop0): Free/Dirty block details
[ 22.919001][ T311] EXT4-fs (loop0): free_blocks=2415919104
[ 22.924606][ T311] EXT4-fs (loop0): dirty_blocks=16
[ 22.929506][ T311] EXT4-fs (loop0): Block reservation details
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 311] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 311] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 311] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 307] exit_group(0 <unfinished ...>
[pid 311] <... futex resumed>) = ?
[pid 308] <... futex resumed>) = ?
[pid 307] <... exit_group resumed>) = ?
[pid 311] +++ exited with 0 +++
[pid 308] +++ exited with 0 +++
[pid 307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 313
./strace-static-x86_64: Process 313 attached
[pid 313] set_robust_list(0x555556cb7760, 24) = 0
[pid 313] chdir("./3") = 0
[pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 313] setpgid(0, 0) = 0
[pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 313] write(3, "1000", 4) = 4
[pid 313] close(3) = 0
[pid 313] symlink("/dev/binderfs", "./binderfs") = 0
[pid 313] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 313] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[314]}, 88) = 314
[pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 314 attached
<unfinished ...>
[pid 314] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 314] memfd_create("syzkaller", 0) = 3
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 314] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.935345][ T311] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 22.953302][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 314] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 314] close(3) = 0
[pid 314] close(4) = 0
[pid 314] mkdir("./file0", 0777) = 0
[pid 314] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 314] chdir("./file0") = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_CLR_FD) = 0
[pid 314] close(4) = 0
[pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 313] <... futex resumed>) = 0
[pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 314] <... futex resumed>) = 1
[pid 314] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 313] <... futex resumed>) = 0
[pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 314] <... futex resumed>) = 1
[pid 314] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 313] <... futex resumed>) = 0
[pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 314] <... futex resumed>) = 1
[pid 314] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 313] <... futex resumed>) = 0
[pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 313] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} <unfinished ...>
[pid 314] <... futex resumed>) = 1
[pid 313] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317
[pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 313] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 314] write(4, 0x200000c0, 120) = 120
[pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 314] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 317 attached
<unfinished ...>
[pid 317] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 22.984250][ T314] loop0: detected capacity change from 0 to 2048
[ 23.003485][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 23.021589][ T317] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.036266][ T317] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.048392][ T317] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.048392][ T317]
[ 23.057931][ T317] EXT4-fs (loop0): Total free blocks count 0
[ 23.063865][ T317] EXT4-fs (loop0): Free/Dirty block details
[ 23.070397][ T317] EXT4-fs (loop0): free_blocks=2415919104
[ 23.076158][ T317] EXT4-fs (loop0): dirty_blocks=16
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 317] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 317] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 317] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 313] exit_group(0 <unfinished ...>
[pid 317] <... futex resumed>) = ?
[pid 314] <... futex resumed>) = ?
[pid 313] <... exit_group resumed>) = ?
[pid 314] +++ exited with 0 +++
[pid 317] +++ exited with 0 +++
[pid 313] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] set_robust_list(0x555556cb7760, 24) = 0
[pid 318] chdir("./4") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs") = 0
[pid 318] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 318] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 318] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 319 attached
=> {parent_tid=[319]}, 88) = 319
[pid 319] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 319] <... futex resumed>) = 0
[pid 319] memfd_create("syzkaller", 0 <unfinished ...>
[pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 319] <... memfd_create resumed>) = 3
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 319] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.081112][ T317] EXT4-fs (loop0): Block reservation details
[ 23.086955][ T317] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 23.111317][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 319] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 319] close(3) = 0
[pid 319] close(4) = 0
[pid 319] mkdir("./file0", 0777) = 0
[pid 319] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 319] chdir("./file0") = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_CLR_FD) = 0
[pid 319] close(4) = 0
[pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 318] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 319] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid 318] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 319] <... openat resumed>) = 4
[pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 318] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 319] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 319] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 318] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 319] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 318] <... futex resumed>) = 0
[pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 318] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 318] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[322]}, 88) = 322
[pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
./strace-static-x86_64: Process 322 attached
[pid 318] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 318] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 322] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 319] <... futex resumed>) = 1
[pid 322] <... set_robust_list resumed>) = 0
[pid 319] write(4, 0x200000c0, 120) = 120
[pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.143250][ T319] loop0: detected capacity change from 0 to 2048
[ 23.154110][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.171667][ T322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 318] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 318] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 322] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 322] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 322] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 318] exit_group(0 <unfinished ...>
[pid 319] <... futex resumed>) = ?
[pid 318] <... exit_group resumed>) = ?
[pid 322] <... futex resumed>) = ?
[pid 319] +++ exited with 0 +++
[pid 322] +++ exited with 0 +++
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 23.186392][ T322] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.198516][ T322] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.198516][ T322]
[ 23.208035][ T322] EXT4-fs (loop0): Total free blocks count 0
[ 23.214313][ T322] EXT4-fs (loop0): Free/Dirty block details
[ 23.220057][ T322] EXT4-fs (loop0): free_blocks=2415919104
[ 23.225619][ T322] EXT4-fs (loop0): dirty_blocks=16
[ 23.230532][ T322] EXT4-fs (loop0): Block reservation details
[ 23.236372][ T322] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 324
./strace-static-x86_64: Process 324 attached
[pid 324] set_robust_list(0x555556cb7760, 24) = 0
[pid 324] chdir("./5") = 0
[pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 324] setpgid(0, 0) = 0
[pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 324] write(3, "1000", 4) = 4
[pid 324] close(3) = 0
[pid 324] symlink("/dev/binderfs", "./binderfs") = 0
[pid 324] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 324] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[325]}, 88) = 325
[pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 325 attached
<unfinished ...>
[pid 325] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 325] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] close(4) = 0
[pid 325] mkdir("./file0", 0777) = 0
[pid 325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("./file0") = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 324] <... futex resumed>) = 0
[pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 325] <... futex resumed>) = 1
[pid 325] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 324] <... futex resumed>) = 0
[pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 325] <... futex resumed>) = 1
[pid 325] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 324] <... futex resumed>) = 0
[pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 325] <... futex resumed>) = 1
[pid 325] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 324] <... futex resumed>) = 0
[pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 324] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid 325] <... futex resumed>) = 1
[pid 324] <... mprotect resumed>) = 0
[pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} <unfinished ...>
[pid 325] write(4, 0x200000c0, 120 <unfinished ...>
[pid 324] <... clone3 resumed> => {parent_tid=[328]}, 88) = 328
[pid 324] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 328 attached
<unfinished ...>
[pid 325] <... write resumed>) = 120
[pid 324] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 324] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 324] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 328] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 325] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 328] <... set_robust_list resumed>) = 0
[pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.249190][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 23.272837][ T325] loop0: detected capacity change from 0 to 2048
[ 23.284609][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.301974][ T328] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.317025][ T328] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.329185][ T328] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.329185][ T328]
[ 23.338763][ T328] EXT4-fs (loop0): Total free blocks count 0
[ 23.344574][ T328] EXT4-fs (loop0): Free/Dirty block details
[pid 324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 328] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 328] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 328] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 324] exit_group(0 <unfinished ...>
[pid 325] <... futex resumed>) = ?
[pid 324] <... exit_group resumed>) = ?
[pid 325] +++ exited with 0 +++
[pid 328] <... futex resumed>) = ?
[pid 328] +++ exited with 0 +++
[pid 324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x555556cb7760, 24) = 0
[pid 329] chdir("./6") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs") = 0
[pid 329] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 329] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[330]}, 88) = 330
[pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached
<unfinished ...>
[pid 330] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 330] memfd_create("syzkaller", 0) = 3
[pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 330] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.350282][ T328] EXT4-fs (loop0): free_blocks=2415919104
[ 23.355863][ T328] EXT4-fs (loop0): dirty_blocks=16
[ 23.360872][ T328] EXT4-fs (loop0): Block reservation details
[ 23.366631][ T328] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 23.381228][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 330] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 330] close(3) = 0
[pid 330] close(4) = 0
[pid 330] mkdir("./file0", 0777) = 0
[pid 330] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 330] chdir("./file0") = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_CLR_FD) = 0
[pid 330] close(4) = 0
[pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 329] <... futex resumed>) = 0
[pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 330] <... futex resumed>) = 1
[pid 330] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 329] <... futex resumed>) = 0
[pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 330] <... futex resumed>) = 1
[pid 330] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 329] <... futex resumed>) = 0
[pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 330] <... futex resumed>) = 1
[pid 330] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 329] <... futex resumed>) = 0
[pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 330] <... futex resumed>) = 1
[pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid 330] write(4, 0x200000c0, 120 <unfinished ...>
[pid 329] <... mmap resumed>) = 0x7fcf97d93000
[pid 329] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid 330] <... write resumed>) = 120
[pid 329] <... mprotect resumed>) = 0
[pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0}./strace-static-x86_64: Process 333 attached
<unfinished ...>
[pid 330] <... futex resumed>) = 0
[pid 329] <... clone3 resumed> => {parent_tid=[333]}, 88) = 333
[pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 329] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 329] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 333] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 330] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 333] <... set_robust_list resumed>) = 0
[pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.407046][ T330] loop0: detected capacity change from 0 to 2048
[ 23.424084][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 23.442997][ T333] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.457894][ T333] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.469945][ T333] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.469945][ T333]
[ 23.479469][ T333] EXT4-fs (loop0): Total free blocks count 0
[ 23.485450][ T333] EXT4-fs (loop0): Free/Dirty block details
[ 23.491145][ T333] EXT4-fs (loop0): free_blocks=2415919104
[ 23.496741][ T333] EXT4-fs (loop0): dirty_blocks=16
[ 23.501650][ T333] EXT4-fs (loop0): Block reservation details
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 333] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 333] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 333] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 329] exit_group(0) = ?
[pid 330] <... futex resumed>) = ?
[pid 333] <... futex resumed>) = ?
[pid 330] +++ exited with 0 +++
[pid 333] +++ exited with 0 +++
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 334
./strace-static-x86_64: Process 334 attached
[pid 334] set_robust_list(0x555556cb7760, 24) = 0
[pid 334] chdir("./7") = 0
[pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 334] setpgid(0, 0) = 0
[pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 334] write(3, "1000", 4) = 4
[pid 334] close(3) = 0
[pid 334] symlink("/dev/binderfs", "./binderfs") = 0
[pid 334] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 334] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[335]}, 88) = 335
[pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached
<unfinished ...>
[pid 335] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 335] memfd_create("syzkaller", 0) = 3
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 335] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 335] close(3) = 0
[pid 335] close(4) = 0
[pid 335] mkdir("./file0", 0777) = 0
[ 23.507491][ T333] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 23.521098][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 23.544777][ T335] loop0: detected capacity change from 0 to 2048
[pid 335] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 335] chdir("./file0") = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_CLR_FD) = 0
[pid 335] close(4) = 0
[pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 335] <... futex resumed>) = 1
[pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 335] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 335] <... openat resumed>) = 4
[pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 335] <... futex resumed>) = 1
[pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 335] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 335] <... write resumed>) = 8
[pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 335] <... futex resumed>) = 1
[pid 335] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 334] <... futex resumed>) = 0
[pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 334] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[338]}, 88) = 338
[pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 334] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 335] <... futex resumed>) = 1
./strace-static-x86_64: Process 338 attached
[pid 335] write(4, 0x200000c0, 120 <unfinished ...>
[pid 338] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 338] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 335] <... write resumed>) = 120
[pid 338] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 335] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.563537][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.582632][ T338] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.597705][ T338] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 338] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 338] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 338] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 334] exit_group(0 <unfinished ...>
[pid 335] <... futex resumed>) = ?
[pid 334] <... exit_group resumed>) = ?
[pid 335] +++ exited with 0 +++
[pid 338] <... futex resumed>) = ?
[pid 338] +++ exited with 0 +++
[pid 334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 23.609800][ T338] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.609800][ T338]
[ 23.619298][ T338] EXT4-fs (loop0): Total free blocks count 0
[ 23.625270][ T338] EXT4-fs (loop0): Free/Dirty block details
[ 23.631059][ T338] EXT4-fs (loop0): free_blocks=2415919104
[ 23.636842][ T338] EXT4-fs (loop0): dirty_blocks=16
[ 23.641768][ T338] EXT4-fs (loop0): Block reservation details
[ 23.647606][ T338] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 340
./strace-static-x86_64: Process 340 attached
[pid 340] set_robust_list(0x555556cb7760, 24) = 0
[pid 340] chdir("./8") = 0
[pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 340] setpgid(0, 0) = 0
[pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 340] write(3, "1000", 4) = 4
[pid 340] close(3) = 0
[pid 340] symlink("/dev/binderfs", "./binderfs") = 0
[pid 340] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 340] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[341]}, 88) = 341
[pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached
<unfinished ...>
[pid 341] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 341] memfd_create("syzkaller", 0) = 3
[pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 341] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 341] close(3) = 0
[pid 341] close(4) = 0
[pid 341] mkdir("./file0", 0777) = 0
[ 23.670567][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 23.701843][ T341] loop0: detected capacity change from 0 to 2048
[pid 341] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 341] chdir("./file0") = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_CLR_FD) = 0
[pid 341] close(4) = 0
[pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 340] <... futex resumed>) = 0
[pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 341] <... futex resumed>) = 1
[pid 341] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 340] <... futex resumed>) = 0
[pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 341] <... futex resumed>) = 1
[pid 341] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 340] <... futex resumed>) = 0
[pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 341] <... futex resumed>) = 1
[pid 341] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 340] <... futex resumed>) = 0
[pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 340] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[344]}, 88) = 344
[pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 340] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 340] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 341] <... futex resumed>) = 1
[pid 341] write(4, 0x200000c0, 120) = 120
[pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 341] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 344 attached
<unfinished ...>
[pid 344] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.714398][ T341] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.732891][ T344] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.747989][ T344] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.760060][ T344] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.760060][ T344]
[pid 340] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 344] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 344] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 344] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 340] exit_group(0 <unfinished ...>
[pid 341] <... futex resumed>) = ?
[pid 340] <... exit_group resumed>) = ?
[pid 341] +++ exited with 0 +++
[pid 344] <... futex resumed>) = ?
[pid 344] +++ exited with 0 +++
[pid 340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x555556cb7760, 24) = 0
[pid 345] chdir("./9") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 345] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[346]}, 88) = 346
[pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 346 attached
<unfinished ...>
[pid 346] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 346] memfd_create("syzkaller", 0) = 3
[pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 346] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.769474][ T344] EXT4-fs (loop0): Total free blocks count 0
[ 23.775277][ T344] EXT4-fs (loop0): Free/Dirty block details
[ 23.780981][ T344] EXT4-fs (loop0): free_blocks=2415919104
[ 23.786570][ T344] EXT4-fs (loop0): dirty_blocks=16
[ 23.791468][ T344] EXT4-fs (loop0): Block reservation details
[ 23.797309][ T344] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 23.810521][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 346] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 346] close(3) = 0
[pid 346] close(4) = 0
[pid 346] mkdir("./file0", 0777) = 0
[pid 346] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 346] chdir("./file0") = 0
[pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 346] ioctl(4, LOOP_CLR_FD) = 0
[pid 346] close(4) = 0
[pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 346] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 345] <... futex resumed>) = 0
[pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 346] <... futex resumed>) = 0
[pid 346] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 345] <... futex resumed>) = 0
[pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 346] <... futex resumed>) = 1
[pid 346] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 345] <... futex resumed>) = 0
[pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 346] <... futex resumed>) = 1
[pid 346] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 345] <... futex resumed>) = 0
[pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 345] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 346] <... futex resumed>) = 1
[pid 346] write(4, 0x200000c0, 120 <unfinished ...>
[pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} <unfinished ...>
[pid 346] <... write resumed>) = 120
[pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 345] <... clone3 resumed> => {parent_tid=[349]}, 88) = 349
[pid 346] <... futex resumed>) = 0
[pid 345] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 346] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 345] <... rt_sigprocmask resumed>NULL, 8) = 0
./strace-static-x86_64: Process 349 attached
[pid 345] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 349] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 345] <... futex resumed>) = 0
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 349] <... set_robust_list resumed>) = 0
[pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.834080][ T346] loop0: detected capacity change from 0 to 2048
[ 23.853710][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 345] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 23.888994][ T349] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 23.904212][ T349] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 23.916218][ T349] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 23.916218][ T349]
[ 23.925690][ T349] EXT4-fs (loop0): Total free blocks count 0
[ 23.931448][ T349] EXT4-fs (loop0): Free/Dirty block details
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 349] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 349] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 349] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 345] exit_group(0 <unfinished ...>
[pid 346] <... futex resumed>) = ?
[pid 345] <... exit_group resumed>) = ?
[pid 346] +++ exited with 0 +++
[pid 349] <... futex resumed>) = ?
[pid 349] +++ exited with 0 +++
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 350
./strace-static-x86_64: Process 350 attached
[pid 350] set_robust_list(0x555556cb7760, 24) = 0
[pid 350] chdir("./10") = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 350] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 350] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[351]}, 88) = 351
./strace-static-x86_64: Process 351 attached
[pid 350] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 351] set_robust_list(0x7fcf97dd49a0, 24 <unfinished ...>
[pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 351] <... set_robust_list resumed>) = 0
[pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 351] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 23.937208][ T349] EXT4-fs (loop0): free_blocks=2415919104
[ 23.942757][ T349] EXT4-fs (loop0): dirty_blocks=16
[ 23.947675][ T349] EXT4-fs (loop0): Block reservation details
[ 23.953537][ T349] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 23.965561][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file0", 0777) = 0
[pid 351] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file0") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 350] <... futex resumed>) = 0
[pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 351] <... futex resumed>) = 1
[pid 351] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 350] <... futex resumed>) = 0
[pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 351] <... futex resumed>) = 1
[pid 351] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 350] <... futex resumed>) = 0
[pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 351] <... futex resumed>) = 1
[pid 351] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 350] <... futex resumed>) = 0
[pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 350] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[354]}, 88) = 354
[pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 350] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 350] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 351] <... futex resumed>) = 1
[pid 351] write(4, 0x200000c0, 120) = 120
[pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 351] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 354 attached
<unfinished ...>
[pid 354] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 23.994212][ T351] loop0: detected capacity change from 0 to 2048
[ 24.014790][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 350] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 24.033497][ T354] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 24.048294][ T354] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.060336][ T354] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.060336][ T354]
[ 24.069798][ T354] EXT4-fs (loop0): Total free blocks count 0
[ 24.075720][ T354] EXT4-fs (loop0): Free/Dirty block details
[ 24.081505][ T354] EXT4-fs (loop0): free_blocks=2415919104
[ 24.087070][ T354] EXT4-fs (loop0): dirty_blocks=16
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 354] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 354] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 354] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 350] exit_group(0 <unfinished ...>
[pid 351] <... futex resumed>) = ?
[pid 350] <... exit_group resumed>) = ?
[pid 351] +++ exited with 0 +++
[pid 354] <... futex resumed>) = ?
[pid 354] +++ exited with 0 +++
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 355
./strace-static-x86_64: Process 355 attached
[pid 355] set_robust_list(0x555556cb7760, 24) = 0
[pid 355] chdir("./11") = 0
[pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 355] setpgid(0, 0) = 0
[pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 355] write(3, "1000", 4) = 4
[pid 355] close(3) = 0
[pid 355] symlink("/dev/binderfs", "./binderfs") = 0
[pid 355] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 355] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[356]}, 88) = 356
./strace-static-x86_64: Process 356 attached
[pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 356] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 356] memfd_create("syzkaller", 0) = 3
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 356] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.091915][ T354] EXT4-fs (loop0): Block reservation details
[ 24.097752][ T354] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.111618][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 356] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 356] close(3) = 0
[pid 356] close(4) = 0
[pid 356] mkdir("./file0", 0777) = 0
[pid 356] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 356] chdir("./file0") = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 356] ioctl(4, LOOP_CLR_FD) = 0
[pid 356] close(4) = 0
[pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 355] <... futex resumed>) = 0
[pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 356] <... futex resumed>) = 1
[pid 356] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 355] <... futex resumed>) = 0
[pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 356] <... futex resumed>) = 1
[pid 356] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 355] <... futex resumed>) = 0
[pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 356] <... futex resumed>) = 1
[pid 356] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 355] <... futex resumed>) = 0
[pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 355] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[359]}, 88) = 359
[pid 355] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 359 attached
<unfinished ...>
[pid 356] <... futex resumed>) = 1
[pid 355] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 355] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 359] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 356] write(4, 0x200000c0, 120 <unfinished ...>
[pid 359] <... set_robust_list resumed>) = 0
[pid 355] <... futex resumed>) = 0
[pid 359] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 356] <... write resumed>) = 120
[pid 355] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 359] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 24.143000][ T356] loop0: detected capacity change from 0 to 2048
[ 24.163515][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 356] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 355] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 24.180719][ T359] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 24.195466][ T359] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.207599][ T359] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.207599][ T359]
[ 24.217108][ T359] EXT4-fs (loop0): Total free blocks count 0
[ 24.223037][ T359] EXT4-fs (loop0): Free/Dirty block details
[ 24.228733][ T359] EXT4-fs (loop0): free_blocks=2415919104
[ 24.234348][ T359] EXT4-fs (loop0): dirty_blocks=16
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 359] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 359] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 359] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 355] exit_group(0 <unfinished ...>
[pid 356] <... futex resumed>) = ?
[pid 355] <... exit_group resumed>) = ?
[pid 356] +++ exited with 0 +++
[pid 359] <... futex resumed>) = ?
[pid 359] +++ exited with 0 +++
[pid 355] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 361
./strace-static-x86_64: Process 361 attached
[pid 361] set_robust_list(0x555556cb7760, 24) = 0
[pid 361] chdir("./12") = 0
[pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 361] setpgid(0, 0) = 0
[pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 361] write(3, "1000", 4) = 4
[pid 361] close(3) = 0
[pid 361] symlink("/dev/binderfs", "./binderfs") = 0
[pid 361] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 361] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[362]}, 88) = 362
[pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 362 attached
<unfinished ...>
[pid 362] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 362] memfd_create("syzkaller", 0) = 3
[pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 362] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.239234][ T359] EXT4-fs (loop0): Block reservation details
[ 24.245106][ T359] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.259033][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 362] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 362] close(3) = 0
[pid 362] close(4) = 0
[pid 362] mkdir("./file0", 0777) = 0
[pid 362] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 362] chdir("./file0") = 0
[pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 362] ioctl(4, LOOP_CLR_FD) = 0
[pid 362] close(4) = 0
[pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 361] <... futex resumed>) = 0
[pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 362] <... futex resumed>) = 1
[pid 362] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 361] <... futex resumed>) = 0
[pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 362] <... futex resumed>) = 1
[pid 362] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 361] <... futex resumed>) = 0
[pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 362] <... futex resumed>) = 1
[pid 362] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 361] <... futex resumed>) = 0
[pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 361] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[365]}, 88) = 365
./strace-static-x86_64: Process 365 attached
[pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 361] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 361] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 362] <... futex resumed>) = 1
[pid 362] write(4, 0x200000c0, 120) = 120
[pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 362] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 365] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 24.283833][ T362] loop0: detected capacity change from 0 to 2048
[ 24.303541][ T362] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 361] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 361] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 24.322740][ T365] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 24.337575][ T365] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.349606][ T365] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.349606][ T365]
[ 24.359082][ T365] EXT4-fs (loop0): Total free blocks count 0
[ 24.364856][ T365] EXT4-fs (loop0): Free/Dirty block details
[ 24.370640][ T365] EXT4-fs (loop0): free_blocks=2415919104
[ 24.376378][ T365] EXT4-fs (loop0): dirty_blocks=16
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 365] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 365] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 365] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 361] exit_group(0 <unfinished ...>
[pid 362] <... futex resumed>) = ?
[pid 361] <... exit_group resumed>) = ?
[pid 365] <... futex resumed>) = ?
[pid 362] +++ exited with 0 +++
[pid 365] +++ exited with 0 +++
[pid 361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 367
./strace-static-x86_64: Process 367 attached
[pid 367] set_robust_list(0x555556cb7760, 24) = 0
[pid 367] chdir("./13") = 0
[pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 367] setpgid(0, 0) = 0
[pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 367] write(3, "1000", 4) = 4
[pid 367] close(3) = 0
[pid 367] symlink("/dev/binderfs", "./binderfs") = 0
[pid 367] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 367] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[368]}, 88) = 368
[pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached
<unfinished ...>
[pid 368] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 368] memfd_create("syzkaller", 0) = 3
[pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 368] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.381309][ T365] EXT4-fs (loop0): Block reservation details
[ 24.387156][ T365] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.399930][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 368] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 368] close(3) = 0
[pid 368] close(4) = 0
[pid 368] mkdir("./file0", 0777) = 0
[pid 368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 368] chdir("./file0") = 0
[pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 368] ioctl(4, LOOP_CLR_FD) = 0
[pid 368] close(4) = 0
[pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 367] <... futex resumed>) = 0
[pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 368] <... futex resumed>) = 1
[pid 368] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 367] <... futex resumed>) = 0
[pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 368] <... futex resumed>) = 1
[pid 368] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 367] <... futex resumed>) = 0
[pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 368] <... futex resumed>) = 1
[pid 368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 368] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 367] <... futex resumed>) = 0
[pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 367] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 367] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[371]}, 88) = 371
[pid 367] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 371 attached
<unfinished ...>
[pid 368] <... futex resumed>) = 0
[pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 371] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 368] write(4, 0x200000c0, 120) = 120
[pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 371] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 368] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 367] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 367] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 371] <... futex resumed>) = 0
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 24.426887][ T368] loop0: detected capacity change from 0 to 2048
[ 24.444028][ T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.461436][ T371] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 24.476692][ T371] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.488936][ T371] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.488936][ T371]
[ 24.498637][ T371] EXT4-fs (loop0): Total free blocks count 0
[ 24.504453][ T371] EXT4-fs (loop0): Free/Dirty block details
[ 24.510138][ T371] EXT4-fs (loop0): free_blocks=2415919104
[ 24.515846][ T371] EXT4-fs (loop0): dirty_blocks=16
[ 24.520776][ T371] EXT4-fs (loop0): Block reservation details
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 371] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 371] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 371] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 367] exit_group(0 <unfinished ...>
[pid 368] <... futex resumed>) = ?
[pid 367] <... exit_group resumed>) = ?
[pid 368] +++ exited with 0 +++
[pid 371] <... futex resumed>) = ?
[pid 371] +++ exited with 0 +++
[pid 367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x555556cb7760, 24) = 0
[pid 372] chdir("./14") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 372] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[373]}, 88) = 373
[pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 373 attached
<unfinished ...>
[pid 373] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 373] memfd_create("syzkaller", 0) = 3
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 373] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.526642][ T371] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.541464][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 373] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 373] close(3) = 0
[pid 373] close(4) = 0
[pid 373] mkdir("./file0", 0777) = 0
[pid 373] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 373] chdir("./file0") = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_CLR_FD) = 0
[pid 373] close(4) = 0
[pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 372] <... futex resumed>) = 0
[pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 373] <... futex resumed>) = 1
[pid 373] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 372] <... futex resumed>) = 0
[pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 373] <... futex resumed>) = 1
[pid 373] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 372] <... futex resumed>) = 0
[pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 373] <... futex resumed>) = 1
[pid 373] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 372] <... futex resumed>) = 0
[pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 372] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[376]}, 88) = 376
[pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 372] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 372] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 373] <... futex resumed>) = 1
[pid 373] write(4, 0x200000c0, 120) = 120
[pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 373] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 376 attached
<unfinished ...>
[pid 376] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 24.570662][ T373] loop0: detected capacity change from 0 to 2048
[ 24.583888][ T373] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.601589][ T376] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 372] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 24.616473][ T376] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.628619][ T376] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.628619][ T376]
[ 24.638512][ T376] EXT4-fs (loop0): Total free blocks count 0
[ 24.644336][ T376] EXT4-fs (loop0): Free/Dirty block details
[ 24.650048][ T376] EXT4-fs (loop0): free_blocks=2415919104
[ 24.655778][ T376] EXT4-fs (loop0): dirty_blocks=16
[ 24.660710][ T376] EXT4-fs (loop0): Block reservation details
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 376] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 376] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 372] exit_group(0 <unfinished ...>
[pid 373] <... futex resumed>) = ?
[pid 372] <... exit_group resumed>) = ?
[pid 373] +++ exited with 0 +++
[pid 376] <... futex resumed>) = ?
[pid 376] +++ exited with 0 +++
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 377
./strace-static-x86_64: Process 377 attached
[pid 377] set_robust_list(0x555556cb7760, 24) = 0
[pid 377] chdir("./15") = 0
[pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 377] setpgid(0, 0) = 0
[pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 377] write(3, "1000", 4) = 4
[pid 377] close(3) = 0
[pid 377] symlink("/dev/binderfs", "./binderfs") = 0
[pid 377] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 377] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[378]}, 88) = 378
[pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 378 attached
<unfinished ...>
[pid 378] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 378] memfd_create("syzkaller", 0) = 3
[pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 378] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 378] close(3) = 0
[pid 378] close(4) = 0
[pid 378] mkdir("./file0", 0777) = 0
[ 24.666569][ T376] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.679867][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.710802][ T378] loop0: detected capacity change from 0 to 2048
[pid 378] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 378] chdir("./file0") = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_CLR_FD) = 0
[pid 378] close(4) = 0
[pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 378] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 377] <... futex resumed>) = 0
[pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 378] <... futex resumed>) = 0
[pid 378] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 377] <... futex resumed>) = 0
[pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 378] <... futex resumed>) = 1
[pid 378] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 377] <... futex resumed>) = 0
[pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 378] <... futex resumed>) = 1
[pid 378] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 377] <... futex resumed>) = 0
[pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 377] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[381]}, 88) = 381
./strace-static-x86_64: Process 381 attached
[pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 377] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 377] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 378] <... futex resumed>) = 1
[pid 378] write(4, 0x200000c0, 120) = 120
[pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 378] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 381] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 24.723841][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.742611][ T381] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 24.757412][ T381] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[pid 377] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 377] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 381] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 381] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 381] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 377] exit_group(0 <unfinished ...>
[pid 378] <... futex resumed>) = ?
[pid 377] <... exit_group resumed>) = ?
[pid 378] +++ exited with 0 +++
[pid 381] <... futex resumed>) = ?
[pid 381] +++ exited with 0 +++
[pid 377] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
[ 24.769600][ T381] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.769600][ T381]
[ 24.779245][ T381] EXT4-fs (loop0): Total free blocks count 0
[ 24.785239][ T381] EXT4-fs (loop0): Free/Dirty block details
[ 24.791080][ T381] EXT4-fs (loop0): free_blocks=2415919104
[ 24.796794][ T381] EXT4-fs (loop0): dirty_blocks=16
[ 24.801723][ T381] EXT4-fs (loop0): Block reservation details
[ 24.807566][ T381] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 382
./strace-static-x86_64: Process 382 attached
[pid 382] set_robust_list(0x555556cb7760, 24) = 0
[pid 382] chdir("./16") = 0
[pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 382] setpgid(0, 0) = 0
[pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 382] write(3, "1000", 4) = 4
[pid 382] close(3) = 0
[pid 382] symlink("/dev/binderfs", "./binderfs") = 0
[pid 382] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 382] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[383]}, 88) = 383
[pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached
<unfinished ...>
[pid 383] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 383] memfd_create("syzkaller", 0) = 3
[pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 383] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.822729][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 383] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 383] close(3) = 0
[pid 383] close(4) = 0
[pid 383] mkdir("./file0", 0777) = 0
[pid 383] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 383] chdir("./file0") = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 383] ioctl(4, LOOP_CLR_FD) = 0
[pid 383] close(4) = 0
[pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 382] <... futex resumed>) = 0
[pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 383] <... futex resumed>) = 1
[pid 383] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 382] <... futex resumed>) = 0
[pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 383] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 382] <... futex resumed>) = 0
[pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 383] <... futex resumed>) = 1
[pid 383] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 382] <... futex resumed>) = 0
[pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 382] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[386]}, 88) = 386
[pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 382] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 382] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 383] <... futex resumed>) = 1
[pid 383] write(4, 0x200000c0, 120./strace-static-x86_64: Process 386 attached
) = 120
[pid 386] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[ 24.852292][ T383] loop0: detected capacity change from 0 to 2048
[ 24.867027][ T383] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 24.882922][ T386] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 383] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[ 24.897667][ T386] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 24.909846][ T386] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 24.909846][ T386]
[ 24.919399][ T386] EXT4-fs (loop0): Total free blocks count 0
[ 24.925221][ T386] EXT4-fs (loop0): Free/Dirty block details
[ 24.930927][ T386] EXT4-fs (loop0): free_blocks=2415919104
[ 24.936527][ T386] EXT4-fs (loop0): dirty_blocks=16
[ 24.941424][ T386] EXT4-fs (loop0): Block reservation details
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 386] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 386] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 386] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 382] exit_group(0) = ?
[pid 386] <... futex resumed>) = ?
[pid 386] +++ exited with 0 +++
[pid 383] <... futex resumed>) = ?
[pid 383] +++ exited with 0 +++
[pid 382] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 387
./strace-static-x86_64: Process 387 attached
[pid 387] set_robust_list(0x555556cb7760, 24) = 0
[pid 387] chdir("./17") = 0
[pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 387] setpgid(0, 0) = 0
[pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 387] write(3, "1000", 4) = 4
[pid 387] close(3) = 0
[pid 387] symlink("/dev/binderfs", "./binderfs") = 0
[pid 387] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 387] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[388]}, 88) = 388
[pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 388 attached
<unfinished ...>
[pid 388] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 388] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[pid 388] close(4) = 0
[pid 388] mkdir("./file0", 0777) = 0
[pid 388] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("./file0") = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 387] <... futex resumed>) = 0
[pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 388] <... futex resumed>) = 1
[pid 388] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 387] <... futex resumed>) = 0
[pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 388] <... futex resumed>) = 1
[pid 388] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 387] <... futex resumed>) = 0
[pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 388] <... futex resumed>) = 1
[pid 388] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 387] <... futex resumed>) = 0
[pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 387] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[391]}, 88) = 391
[pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 387] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 388] <... futex resumed>) = 1
[pid 388] write(4, 0x200000c0, 120) = 120
[pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 391 attached
) = 0
[pid 388] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 391] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 24.947264][ T386] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 24.959505][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 24.982930][ T388] loop0: detected capacity change from 0 to 2048
[ 24.994512][ T388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 25.012782][ T391] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 25.027750][ T391] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.039805][ T391] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.039805][ T391]
[ 25.049261][ T391] EXT4-fs (loop0): Total free blocks count 0
[ 25.055167][ T391] EXT4-fs (loop0): Free/Dirty block details
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 391] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 391] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 391] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 387] exit_group(0 <unfinished ...>
[pid 388] <... futex resumed>) = ?
[pid 388] +++ exited with 0 +++
[pid 387] <... exit_group resumed>) = ?
[pid 391] <... futex resumed>) = ?
[pid 391] +++ exited with 0 +++
[pid 387] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 392
./strace-static-x86_64: Process 392 attached
[pid 392] set_robust_list(0x555556cb7760, 24) = 0
[pid 392] chdir("./18") = 0
[pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 392] setpgid(0, 0) = 0
[pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 392] write(3, "1000", 4) = 4
[pid 392] close(3) = 0
[pid 392] symlink("/dev/binderfs", "./binderfs") = 0
[pid 392] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 392] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[393]}, 88) = 393
[pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 393 attached
<unfinished ...>
[pid 393] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 393] memfd_create("syzkaller", 0) = 3
[pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 393] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.061300][ T391] EXT4-fs (loop0): free_blocks=2415919104
[ 25.067061][ T391] EXT4-fs (loop0): dirty_blocks=16
[ 25.072077][ T391] EXT4-fs (loop0): Block reservation details
[ 25.077962][ T391] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 25.100597][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 393] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 393] close(3) = 0
[pid 393] close(4) = 0
[pid 393] mkdir("./file0", 0777) = 0
[pid 393] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 393] chdir("./file0") = 0
[pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 393] ioctl(4, LOOP_CLR_FD) = 0
[pid 393] close(4) = 0
[pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 393] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 392] <... futex resumed>) = 0
[pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 393] <... futex resumed>) = 0
[pid 393] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 392] <... futex resumed>) = 0
[pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 393] <... futex resumed>) = 1
[pid 393] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 392] <... futex resumed>) = 0
[pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 393] <... futex resumed>) = 1
[pid 393] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 392] <... futex resumed>) = 0
[pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 392] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 393] <... futex resumed>) = 1
[pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} <unfinished ...>
[pid 393] write(4, 0x200000c0, 120 <unfinished ...>
[pid 392] <... clone3 resumed> => {parent_tid=[396]}, 88) = 396
./strace-static-x86_64: Process 396 attached
[pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 392] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 392] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 393] <... write resumed>) = 120
[pid 396] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 396] <... set_robust_list resumed>) = 0
[pid 393] <... futex resumed>) = 0
[pid 396] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 393] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 25.129243][ T393] loop0: detected capacity change from 0 to 2048
[ 25.143622][ T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.161180][ T396] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 25.177137][ T396] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.189340][ T396] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.189340][ T396]
[ 25.199087][ T396] EXT4-fs (loop0): Total free blocks count 0
[ 25.205028][ T396] EXT4-fs (loop0): Free/Dirty block details
[ 25.210748][ T396] EXT4-fs (loop0): free_blocks=2415919104
[ 25.216451][ T396] EXT4-fs (loop0): dirty_blocks=16
[ 25.221392][ T396] EXT4-fs (loop0): Block reservation details
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 396] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 396] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 396] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 392] exit_group(0 <unfinished ...>
[pid 393] <... futex resumed>) = ?
[pid 392] <... exit_group resumed>) = ?
[pid 393] +++ exited with 0 +++
[pid 396] <... futex resumed>) = ?
[pid 396] +++ exited with 0 +++
[pid 392] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 398
./strace-static-x86_64: Process 398 attached
[pid 398] set_robust_list(0x555556cb7760, 24) = 0
[pid 398] chdir("./19") = 0
[pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 398] setpgid(0, 0) = 0
[pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 398] write(3, "1000", 4) = 4
[pid 398] close(3) = 0
[pid 398] symlink("/dev/binderfs", "./binderfs") = 0
[pid 398] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 398] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[399]}, 88) = 399
./strace-static-x86_64: Process 399 attached
[pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 399] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 399] memfd_create("syzkaller", 0) = 3
[pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 399] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.227257][ T396] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 25.240329][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 399] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 399] close(3) = 0
[pid 399] close(4) = 0
[pid 399] mkdir("./file0", 0777) = 0
[pid 399] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 399] chdir("./file0") = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 399] ioctl(4, LOOP_CLR_FD) = 0
[pid 399] close(4) = 0
[pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 398] <... futex resumed>) = 0
[pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 399] <... futex resumed>) = 1
[pid 399] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 398] <... futex resumed>) = 0
[pid 399] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 399] <... futex resumed>) = 0
[pid 399] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 398] <... futex resumed>) = 0
[pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 399] <... futex resumed>) = 1
[pid 399] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 398] <... futex resumed>) = 0
[pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 398] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid 399] <... futex resumed>) = 1
[pid 398] <... mprotect resumed>) = 0
[pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[402]}, 88) = 402
./strace-static-x86_64: Process 402 attached
[pid 399] write(4, 0x200000c0, 120 <unfinished ...>
[pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 398] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 398] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 402] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 399] <... write resumed>) = 120
[pid 402] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 402] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[pid 399] <... futex resumed>) = 0
[ 25.272709][ T399] loop0: detected capacity change from 0 to 2048
[ 25.284280][ T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.302978][ T402] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 399] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 398] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 402] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 402] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 402] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 398] exit_group(0 <unfinished ...>
[pid 402] <... futex resumed>) = ?
[pid 399] <... futex resumed>) = ?
[pid 398] <... exit_group resumed>) = ?
[pid 399] +++ exited with 0 +++
[pid 402] +++ exited with 0 +++
[pid 398] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
[ 25.317778][ T402] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.329796][ T402] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.329796][ T402]
[ 25.339269][ T402] EXT4-fs (loop0): Total free blocks count 0
[ 25.345064][ T402] EXT4-fs (loop0): Free/Dirty block details
[ 25.350760][ T402] EXT4-fs (loop0): free_blocks=2415919104
[ 25.356366][ T402] EXT4-fs (loop0): dirty_blocks=16
[ 25.361257][ T402] EXT4-fs (loop0): Block reservation details
[ 25.367100][ T402] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 403
./strace-static-x86_64: Process 403 attached
[pid 403] set_robust_list(0x555556cb7760, 24) = 0
[pid 403] chdir("./20") = 0
[pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 403] setpgid(0, 0) = 0
[pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 403] write(3, "1000", 4) = 4
[pid 403] close(3) = 0
[pid 403] symlink("/dev/binderfs", "./binderfs") = 0
[pid 403] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 403] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[404]}, 88) = 404
[pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 404 attached
<unfinished ...>
[pid 404] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 404] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] close(4) = 0
[pid 404] mkdir("./file0", 0777) = 0
[ 25.390375][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 25.414641][ T404] loop0: detected capacity change from 0 to 2048
[pid 404] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("./file0") = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 404] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 403] <... futex resumed>) = 0
[pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 404] <... futex resumed>) = 0
[pid 404] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 403] <... futex resumed>) = 0
[pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 404] <... futex resumed>) = 1
[pid 404] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 403] <... futex resumed>) = 0
[pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 404] <... futex resumed>) = 1
[pid 404] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 403] <... futex resumed>) = 0
[pid 404] write(4, 0x200000c0, 120 <unfinished ...>
[pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 404] <... write resumed>) = 120
[pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 403] <... mmap resumed>) = 0x7fcf97d93000
[pid 404] <... futex resumed>) = 0
[pid 403] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid 404] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 403] <... mprotect resumed>) = 0
[pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0}./strace-static-x86_64: Process 407 attached
=> {parent_tid=[407]}, 88) = 407
[pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 403] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 403] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 407] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 25.443760][ T404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.461460][ T407] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 25.476440][ T407] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[pid 403] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 407] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 407] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 407] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 403] exit_group(0 <unfinished ...>
[pid 407] <... futex resumed>) = ?
[pid 404] <... futex resumed>) = ?
[pid 403] <... exit_group resumed>) = ?
[pid 407] +++ exited with 0 +++
[pid 404] +++ exited with 0 +++
[pid 403] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=403, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
[ 25.488481][ T407] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.488481][ T407]
[ 25.497917][ T407] EXT4-fs (loop0): Total free blocks count 0
[ 25.503716][ T407] EXT4-fs (loop0): Free/Dirty block details
[ 25.509418][ T407] EXT4-fs (loop0): free_blocks=2415919104
[ 25.515011][ T407] EXT4-fs (loop0): dirty_blocks=16
[ 25.519924][ T407] EXT4-fs (loop0): Block reservation details
[ 25.525767][ T407] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 408
./strace-static-x86_64: Process 408 attached
[pid 408] set_robust_list(0x555556cb7760, 24) = 0
[pid 408] chdir("./21") = 0
[pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 408] setpgid(0, 0) = 0
[pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 408] write(3, "1000", 4) = 4
[pid 408] close(3) = 0
[pid 408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 408] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 408] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[409]}, 88) = 409
[pid 408] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 409 attached
NULL, 8) = 0
[pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 409] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 409] memfd_create("syzkaller", 0) = 3
[pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 409] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 409] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 409] close(3) = 0
[pid 409] close(4) = 0
[pid 409] mkdir("./file0", 0777) = 0
[ 25.549490][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 25.580714][ T409] loop0: detected capacity change from 0 to 2048
[pid 409] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 409] chdir("./file0") = 0
[pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 409] ioctl(4, LOOP_CLR_FD) = 0
[pid 409] close(4) = 0
[pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 409] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 408] <... futex resumed>) = 0
[pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 409] <... futex resumed>) = 0
[pid 409] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 408] <... futex resumed>) = 0
[pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 409] <... futex resumed>) = 1
[pid 409] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 408] <... futex resumed>) = 0
[pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 409] <... futex resumed>) = 1
[pid 409] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 408] <... futex resumed>) = 0
[pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 408] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[412]}, 88) = 412
[pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 408] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 408] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 412 attached
<unfinished ...>
[pid 409] <... futex resumed>) = 1
[pid 412] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 409] write(4, 0x200000c0, 120 <unfinished ...>
[pid 412] <... set_robust_list resumed>) = 0
[pid 409] <... write resumed>) = 120
[pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 409] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 25.594638][ T409] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.611729][ T412] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 25.626602][ T412] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.638843][ T412] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.638843][ T412]
[pid 408] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 412] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 412] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 412] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 408] exit_group(0 <unfinished ...>
[pid 409] <... futex resumed>) = ?
[pid 408] <... exit_group resumed>) = ?
[pid 409] +++ exited with 0 +++
[pid 412] <... futex resumed>) = ?
[pid 412] +++ exited with 0 +++
[pid 408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 413
./strace-static-x86_64: Process 413 attached
[pid 413] set_robust_list(0x555556cb7760, 24) = 0
[pid 413] chdir("./22") = 0
[pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 413] setpgid(0, 0) = 0
[pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 413] write(3, "1000", 4) = 4
[pid 413] close(3) = 0
[pid 413] symlink("/dev/binderfs", "./binderfs") = 0
[pid 413] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 413] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 414 attached
=> {parent_tid=[414]}, 88) = 414
[pid 414] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 414] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 414] <... futex resumed>) = 0
[pid 414] memfd_create("syzkaller", 0) = 3
[pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 414] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.648361][ T412] EXT4-fs (loop0): Total free blocks count 0
[ 25.654248][ T412] EXT4-fs (loop0): Free/Dirty block details
[ 25.659958][ T412] EXT4-fs (loop0): free_blocks=2415919104
[ 25.665639][ T412] EXT4-fs (loop0): dirty_blocks=16
[ 25.670565][ T412] EXT4-fs (loop0): Block reservation details
[ 25.676440][ T412] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 25.689853][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 414] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 414] close(3) = 0
[pid 414] close(4) = 0
[pid 414] mkdir("./file0", 0777) = 0
[pid 414] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 414] chdir("./file0") = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 414] ioctl(4, LOOP_CLR_FD) = 0
[pid 414] close(4) = 0
[pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 413] <... futex resumed>) = 0
[pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 414] <... futex resumed>) = 1
[pid 414] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 413] <... futex resumed>) = 0
[pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 414] <... futex resumed>) = 1
[pid 414] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 413] <... futex resumed>) = 0
[pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 414] <... futex resumed>) = 1
[pid 414] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 413] <... futex resumed>) = 0
[pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 413] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[417]}, 88) = 417
[pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 413] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 413] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 414] <... futex resumed>) = 1
[pid 414] write(4, 0x200000c0, 120) = 120
[pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 414] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 417 attached
<unfinished ...>
[pid 417] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 25.720828][ T414] loop0: detected capacity change from 0 to 2048
[ 25.744238][ T414] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 413] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 25.758826][ T417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 25.773831][ T417] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.785901][ T417] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.785901][ T417]
[ 25.795309][ T417] EXT4-fs (loop0): Total free blocks count 0
[ 25.801088][ T417] EXT4-fs (loop0): Free/Dirty block details
[ 25.806905][ T417] EXT4-fs (loop0): free_blocks=2415919104
[ 25.812684][ T417] EXT4-fs (loop0): dirty_blocks=16
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 417] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 417] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 417] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 413] exit_group(0 <unfinished ...>
[pid 414] <... futex resumed>) = ?
[pid 413] <... exit_group resumed>) = ?
[pid 414] +++ exited with 0 +++
[pid 417] <... futex resumed>) = ?
[pid 417] +++ exited with 0 +++
[pid 413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 418
./strace-static-x86_64: Process 418 attached
[pid 418] set_robust_list(0x555556cb7760, 24) = 0
[pid 418] chdir("./23") = 0
[pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 418] setpgid(0, 0) = 0
[pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 418] write(3, "1000", 4) = 4
[pid 418] close(3) = 0
[pid 418] symlink("/dev/binderfs", "./binderfs") = 0
[pid 418] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 418] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[419]}, 88) = 419
./strace-static-x86_64: Process 419 attached
[pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 419] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 419] memfd_create("syzkaller", 0) = 3
[pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 419] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.817610][ T417] EXT4-fs (loop0): Block reservation details
[ 25.823555][ T417] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 25.837140][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 419] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 419] close(3) = 0
[pid 419] close(4) = 0
[pid 419] mkdir("./file0", 0777) = 0
[pid 419] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 419] chdir("./file0") = 0
[pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 419] ioctl(4, LOOP_CLR_FD) = 0
[pid 419] close(4) = 0
[pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 419] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 418] <... futex resumed>) = 0
[pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 419] <... futex resumed>) = 0
[pid 419] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 418] <... futex resumed>) = 0
[pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 419] <... futex resumed>) = 1
[pid 419] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 418] <... futex resumed>) = 0
[pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 419] <... futex resumed>) = 1
[pid 419] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 418] <... futex resumed>) = 0
[pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 418] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[422]}, 88) = 422
[pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 418] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 418] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 419] <... futex resumed>) = 1
./strace-static-x86_64: Process 422 attached
[pid 419] write(4, 0x200000c0, 120) = 120
[pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 422] set_robust_list(0x7fcf97db39a0, 24 <unfinished ...>
[pid 419] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 422] <... set_robust_list resumed>) = 0
[pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 25.872062][ T419] loop0: detected capacity change from 0 to 2048
[ 25.884135][ T419] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 418] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[ 25.911599][ T422] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 25.926609][ T422] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 25.938842][ T422] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 25.938842][ T422]
[ 25.948420][ T422] EXT4-fs (loop0): Total free blocks count 0
[ 25.954313][ T422] EXT4-fs (loop0): Free/Dirty block details
[ 25.960139][ T422] EXT4-fs (loop0): free_blocks=2415919104
[ 25.965789][ T422] EXT4-fs (loop0): dirty_blocks=16
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 422] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 422] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 418] exit_group(0 <unfinished ...>
[pid 422] <... futex resumed>) = 0
[pid 422] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ?
[pid 418] <... exit_group resumed>) = ?
[pid 422] +++ exited with 0 +++
[pid 419] <... futex resumed>) = ?
[pid 419] +++ exited with 0 +++
[pid 418] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=9} ---
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 423
./strace-static-x86_64: Process 423 attached
[pid 423] set_robust_list(0x555556cb7760, 24) = 0
[pid 423] chdir("./24") = 0
[pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 423] setpgid(0, 0) = 0
[pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 423] write(3, "1000", 4) = 4
[pid 423] close(3) = 0
[pid 423] symlink("/dev/binderfs", "./binderfs") = 0
[pid 423] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 423] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[424]}, 88) = 424
./strace-static-x86_64: Process 424 attached
[pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid 424] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 424] memfd_create("syzkaller", 0) = 3
[pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 424] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 25.970713][ T422] EXT4-fs (loop0): Block reservation details
[ 25.976578][ T422] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 26.001202][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 424] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 424] close(3) = 0
[pid 424] close(4) = 0
[pid 424] mkdir("./file0", 0777) = 0
[pid 424] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 424] chdir("./file0") = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 424] ioctl(4, LOOP_CLR_FD) = 0
[pid 424] close(4) = 0
[pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 424] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 423] <... futex resumed>) = 0
[pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 424] <... futex resumed>) = 0
[pid 424] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 423] <... futex resumed>) = 0
[pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 424] <... futex resumed>) = 1
[pid 424] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 423] <... futex resumed>) = 0
[pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 424] <... futex resumed>) = 1
[pid 424] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 423] <... futex resumed>) = 0
[pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 423] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[427]}, 88) = 427
[pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 423] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 424] <... futex resumed>) = 1
[pid 424] write(4, 0x200000c0, 120) = 120
[pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 424] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 427 attached
<unfinished ...>
[pid 427] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 26.031646][ T424] loop0: detected capacity change from 0 to 2048
[ 26.043912][ T424] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.061458][ T427] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid 423] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 427] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 427] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 427] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 423] exit_group(0 <unfinished ...>
[pid 424] <... futex resumed>) = ?
[pid 423] <... exit_group resumed>) = ?
[pid 424] +++ exited with 0 +++
[pid 427] <... futex resumed>) = ?
[pid 427] +++ exited with 0 +++
[pid 423] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
[ 26.076756][ T427] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 26.088896][ T427] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 26.088896][ T427]
[ 26.098343][ T427] EXT4-fs (loop0): Total free blocks count 0
[ 26.104150][ T427] EXT4-fs (loop0): Free/Dirty block details
[ 26.109850][ T427] EXT4-fs (loop0): free_blocks=2415919104
[ 26.115650][ T427] EXT4-fs (loop0): dirty_blocks=16
[ 26.120582][ T427] EXT4-fs (loop0): Block reservation details
[ 26.126435][ T427] EXT4-fs (loop0): i_reserved_data_blocks=1
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 428
./strace-static-x86_64: Process 428 attached
[pid 428] set_robust_list(0x555556cb7760, 24) = 0
[pid 428] chdir("./25") = 0
[pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 428] setpgid(0, 0) = 0
[pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 428] write(3, "1000", 4) = 4
[pid 428] close(3) = 0
[pid 428] symlink("/dev/binderfs", "./binderfs") = 0
[pid 428] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 428] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[429]}, 88) = 429
[pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 429 attached
<unfinished ...>
[pid 429] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 429] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] close(4) = 0
[pid 429] mkdir("./file0", 0777) = 0
[pid 429] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("./file0") = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 428] <... futex resumed>) = 0
[pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 429] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 428] <... futex resumed>) = 0
[pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 429] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 428] <... futex resumed>) = 0
[pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 429] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 428] <... futex resumed>) = 0
[pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 429] write(4, 0x200000c0, 120 <unfinished ...>
[pid 428] <... futex resumed>) = 0
[pid 428] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 428] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[432]}, 88) = 432
[pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 428] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 428] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 429] <... write resumed>) = 120
[pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 432 attached
[pid 429] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 432] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[ 26.139760][ T294] EXT4-fs (loop0): unmounting filesystem.
[ 26.163878][ T429] loop0: detected capacity change from 0 to 2048
[ 26.174026][ T429] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 428] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 26.193310][ T432] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 26.208322][ T432] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[ 26.220337][ T432] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 26.220337][ T432]
[ 26.230130][ T432] EXT4-fs (loop0): Total free blocks count 0
[ 26.236116][ T432] EXT4-fs (loop0): Free/Dirty block details
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 432] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 432] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 432] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 428] exit_group(0 <unfinished ...>
[pid 429] <... futex resumed>) = ?
[pid 428] <... exit_group resumed>) = ?
[pid 429] +++ exited with 0 +++
[pid 432] <... futex resumed>) = ?
[pid 432] +++ exited with 0 +++
[pid 428] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 434
./strace-static-x86_64: Process 434 attached
[pid 434] set_robust_list(0x555556cb7760, 24) = 0
[pid 434] chdir("./26") = 0
[pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 434] setpgid(0, 0) = 0
[pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 434] write(3, "1000", 4) = 4
[pid 434] close(3) = 0
[pid 434] symlink("/dev/binderfs", "./binderfs") = 0
[pid 434] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0
[pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000
[pid 434] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[435]}, 88) = 435
[pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 435 attached
<unfinished ...>
[pid 435] set_robust_list(0x7fcf97dd49a0, 24) = 0
[pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 435] munmap(0x7fcf8f9b4000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.242389][ T432] EXT4-fs (loop0): free_blocks=2415919104
[ 26.247932][ T432] EXT4-fs (loop0): dirty_blocks=16
[ 26.253058][ T432] EXT4-fs (loop0): Block reservation details
[ 26.258846][ T432] EXT4-fs (loop0): i_reserved_data_blocks=1
[ 26.271412][ T294] EXT4-fs (loop0): unmounting filesystem.
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] close(4) = 0
[pid 435] mkdir("./file0", 0777) = 0
[pid 435] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("./file0") = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 434] <... futex resumed>) = 0
[pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 435] <... futex resumed>) = 1
[pid 435] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 434] <... futex resumed>) = 0
[pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 435] <... futex resumed>) = 1
[pid 435] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8
[pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 434] <... futex resumed>) = 0
[pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 435] <... futex resumed>) = 0
[pid 435] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable)
[pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable)
[pid 434] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 435] write(4, 0x200000c0, 120 <unfinished ...>
[pid 434] <... futex resumed>) = 0
[pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000
[pid 434] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[438]}, 88) = 438
[pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 434] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 434] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 438 attached
<unfinished ...>
[pid 438] set_robust_list(0x7fcf97db39a0, 24) = 0
[pid 438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} ---
[pid 435] <... write resumed>) = 120
[pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} ---
[pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} ---
[pid 438] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address)
[pid 438] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 434] <... futex resumed>) = 0
[pid 434] exit_group(0) = ?
[pid 435] <... futex resumed>) = ?
[pid 438] +++ exited with 0 +++
[pid 435] +++ exited with 0 +++
[pid 434] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
[ 26.301395][ T435] loop0: detected capacity change from 0 to 2048
[ 26.314734][ T435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 26.333424][ T438] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 26.354839][ T312] ------------[ cut here ]------------
[ 26.360142][ T312] kernel BUG at fs/ext4/inode.c:2749!
[ 26.365617][ T312] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 26.371489][ T312] CPU: 1 PID: 312 Comm: kworker/u4:3 Not tainted 6.1.75-syzkaller-00045-g503add184388 #0
[ 26.381120][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 26.391015][ T312] Workqueue: writeback wb_workfn (flush-7:0)
[ 26.396830][ T312] RIP: 0010:ext4_writepages+0x3fab/0x3fd0
[ 26.402523][ T312] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 25 52 0c ff e9 46 c3 ff ff e8 5f 40 81 ff
[ 26.421968][ T312] RSP: 0018:ffffc90000e87000 EFLAGS: 00010293
[ 26.427867][ T312] RAX: ffffffff81f42ddb RBX: 0000008000000000 RCX: ffff88810ba71440
[ 26.435674][ T312] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
[ 26.443589][ T312] RBP: ffffc90000e87410 R08: ffffffff81f3f53b R09: ffffed102178e2e7
[ 26.451397][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112a8a000
[ 26.459333][ T312] R13: ffff88810bc71870 R14: 000000c410000000 R15: ffffc90000e872e0
[ 26.467136][ T312] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 26.475902][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.482324][ T312] CR2: 0000555556cc07f8 CR3: 0000000122679000 CR4: 00000000003506a0
[ 26.490139][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.497957][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.505759][ T312] Call Trace:
[ 26.508893][ T312] <TASK>
[ 26.511662][ T312] ? __die_body+0x62/0xb0
[ 26.515829][ T312] ? die+0x88/0xb0
[ 26.519386][ T312] ? do_trap+0x103/0x330
[ 26.523467][ T312] ? ext4_writepages+0x3fab/0x3fd0
[ 26.528412][ T312] ? handle_invalid_op+0x95/0xc0
[ 26.533185][ T312] ? ext4_writepages+0x3fab/0x3fd0
[ 26.538132][ T312] ? exc_invalid_op+0x32/0x50
[ 26.542644][ T312] ? asm_exc_invalid_op+0x1b/0x20
[ 26.547506][ T312] ? ext4_writepages+0x70b/0x3fd0
[ 26.552380][ T312] ? ext4_writepages+0x3fab/0x3fd0
[ 26.557313][ T312] ? ext4_writepages+0x3fab/0x3fd0
[ 26.562270][ T312] ? psi_task_change+0x1d3/0x360
[ 26.567035][ T312] ? ext4_read_folio+0x240/0x240
[ 26.571806][ T312] ? xas_start+0x32c/0x3f0
[ 26.576064][ T312] ? cpudl_cleanup+0x40/0x40
[ 26.580661][ T312] ? __filemap_get_folio+0x95e/0xae0
[ 26.585907][ T312] ? xas_load+0x39d/0x3b0
[ 26.590065][ T312] ? ext4_read_folio+0x240/0x240
[ 26.595146][ T312] do_writepages+0x385/0x620
[ 26.599550][ T312] ? __writepage+0x130/0x130
[ 26.603971][ T312] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 26.609444][ T312] __writeback_single_inode+0xdc/0xb80
[ 26.614934][ T312] writeback_sb_inodes+0xb32/0x1910
[ 26.619975][ T312] ? _raw_spin_lock+0xa4/0x1b0
[ 26.624573][ T312] ? queue_io+0x520/0x520
[ 26.628732][ T312] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 26.634029][ T312] ? queue_io+0x3d0/0x520
[ 26.638193][ T312] ? memset+0x35/0x40
[ 26.642011][ T312] wb_writeback+0x3b9/0x9f0
[ 26.646369][ T312] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 26.652165][ T312] ? set_worker_desc+0x158/0x1c0
[ 26.656951][ T312] ? cpudl_cleanup+0x40/0x40
[ 26.661364][ T312] ? __kasan_check_write+0x14/0x20
[ 26.666322][ T312] wb_workfn+0x399/0x1030
[ 26.670580][ T312] ? inode_wait_for_writeback+0x280/0x280
[ 26.676126][ T312] ? kthread_data+0x53/0xc0
[ 26.680460][ T312] ? _raw_spin_unlock+0x4c/0x70
[ 26.685147][ T312] ? finish_task_switch+0x167/0x7b0
[ 26.690180][ T312] ? __kasan_check_read+0x11/0x20
[ 26.695039][ T312] ? read_word_at_a_time+0x12/0x20
[ 26.699986][ T312] ? strscpy+0x9c/0x260
[ 26.703982][ T312] process_one_work+0x73d/0xcb0
[ 26.708672][ T312] worker_thread+0xa60/0x1260
[ 26.713181][ T312] ? __kasan_check_read+0x11/0x20
[ 26.718040][ T312] kthread+0x26d/0x300
[ 26.721943][ T312] ? worker_clr_flags+0x1a0/0x1a0
[ 26.726805][ T312] ? kthread_blkcg+0xd0/0xd0
[ 26.731244][ T312] ret_from_fork+0x1f/0x30
[ 26.735487][ T312] </TASK>
[ 26.738350][ T312] Modules linked in:
[ 26.742194][ T312] ---[ end trace 0000000000000000 ]---
[ 26.747387][ T312] RIP: 0010:ext4_writepages+0x3fab/0x3fd0
[ 26.752965][ T312] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 25 52 0c ff e9 46 c3 ff ff e8 5f 40 81 ff
[ 26.772429][ T312] RSP: 0018:ffffc90000e87000 EFLAGS: 00010293
[ 26.778274][ T312] RAX: ffffffff81f42ddb RBX: 0000008000000000 RCX: ffff88810ba71440
[ 26.786228][ T312] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
[ 26.794065][ T312] RBP: ffffc90000e87410 R08: ffffffff81f3f53b R09: ffffed102178e2e7
[ 26.801827][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112a8a000
[ 26.809664][ T312] R13: ffff88810bc71870 R14: 000000c410000000 R15: ffffc90000e872e0
[ 26.817465][ T312] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 26.826241][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.832655][ T312] CR2: 0000555556cc07f8 CR3: 0000000122679000 CR4: 00000000003506a0
[ 26.840452][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.848290][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.856236][ T312] Kernel panic - not syncing: Fatal exception
[ 26.862436][ T312] Kernel Offset: disabled
[ 26.866569][ T312] Rebooting in 86400 seconds..