./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3815384147 <...> e48af000, 138412032 [pid 1445] write(4, "#! \n", 4 [pid 1441] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1462] <... munmap resumed>) = 0 [pid 1445] <... write resumed>) = 4 [pid 1441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 3 [pid 1445] <... futex resumed>) = 0 [pid 1441] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] newfstatat(3, "", [pid 1445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1441] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1441] <... mprotect resumed>) = 0 [pid 1462] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] getdents64(3, [pid 1441] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1441] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1460] <... futex resumed>) = ? [pid 1460] +++ killed by SIGBUS +++ [pid 1449] +++ killed by SIGBUS +++ [pid 1443] +++ killed by SIGBUS +++ [pid 1441] <... clone3 resumed> => {parent_tid=[1464]}, 88) = 1464 ./strace-static-x86_64: Process 1464 attached [pid 1462] <... openat resumed>) = 4 [pid 1461] <... ioctl resumed>) = 0 [pid 1441] rt_sigprocmask(SIG_SETMASK, [], [pid 1462] ioctl(4, LOOP_SET_FD, 3 [pid 1441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1443, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1464] set_robust_list(0x7f0aeccae9a0, 24 [pid 1461] close(3 [pid 1441] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1464] <... set_robust_list resumed>) = 0 [pid 1461] <... close resumed>) = 0 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1464] write(4, "#! \n", 4) = 4 [pid 1461] close(4 [pid 1464] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... futex resumed>) = 0 [pid 1441] <... futex resumed>) = 1 [pid 1445] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1441] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1464] <... futex resumed>) = 1 [pid 1445] <... mmap resumed>) = 0x200000000000 [pid 1445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1441] <... futex resumed>) = 0 [pid 1445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1441] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1441] <... futex resumed>) = 0 [pid 1464] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 40.376559][ T1447] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 40.388242][ T1449] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1441] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 289] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 1441] <... futex resumed>) = ? [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1464] <... futex resumed>) = ? [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1464] +++ killed by SIGBUS +++ [pid 1445] +++ killed by SIGBUS +++ [pid 1441] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1462] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 1462] close(3) = 0 [pid 1462] close(4 [pid 290] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./38/file2") = 0 [pid 290] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./38/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./38") = 0 [pid 290] mkdir("./39", 0777) = 0 [ 40.415430][ T1445] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1461] <... close resumed>) = 0 [pid 1461] mkdir("./file2", 0777) = 0 [pid 1461] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1462] <... close resumed>) = 0 [pid 1462] mkdir("./file2", 0777) = 0 [pid 1462] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] close(3 [pid 287] newfstatat(AT_FDCWD, "./39/file2", [pid 290] <... close resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./37/file2", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 287] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] getdents64(4, [pid 287] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1467 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 287] <... openat resumed>) = 4 [pid 289] <... close resumed>) = 0 [pid 287] newfstatat(4, "", [pid 289] rmdir("./37/file2") = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] getdents64(4, [pid 289] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] unlink("./37/binderfs" [pid 287] getdents64(4, [pid 289] <... unlink resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(3, [pid 287] close(4 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 287] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 287] rmdir("./39/file2" [pid 289] rmdir("./37") = 0 [pid 287] <... rmdir resumed>) = 0 [pid 289] mkdir("./38", 0777) = 0 [pid 287] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1467 attached ) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1467] set_robust_list(0x555594a056a0, 24 [pid 287] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1467] <... set_robust_list resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1467] chdir("./39" [pid 287] unlink("./39/binderfs" [pid 1467] <... chdir resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 1467] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] getdents64(3, [pid 1467] <... prctl resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1467] setpgid(0, 0 [pid 287] close(3 [pid 1467] <... setpgid resumed>) = 0 [pid 1461] <... mount resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] <... close resumed>) = 0 [pid 1467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1461] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] rmdir("./39" [pid 1467] <... openat resumed>) = 3 [pid 1461] <... openat resumed>) = 3 [pid 289] close(3 [pid 1462] <... mount resumed>) = 0 [pid 1461] chdir("./file2" [pid 289] <... close resumed>) = 0 [pid 1461] <... chdir resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... rmdir resumed>) = 0 [pid 1461] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1471 [pid 1461] ioctl(4, LOOP_CLR_FD) = 0 [pid 1461] close(4) = 0 [pid 1461] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1459] <... futex resumed>) = 0 [pid 1461] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1459] <... futex resumed>) = 0 [pid 1461] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1459] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1461] <... openat resumed>) = 4 [pid 1461] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1459] <... futex resumed>) = 0 [pid 1461] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1459] <... futex resumed>) = 0 [pid 1461] write(4, "#! \n", 4 [pid 1459] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] <... write resumed>) = 4 [pid 1459] <... futex resumed>) = 0 [pid 1461] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1461] <... futex resumed>) = 0 [pid 1459] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1461] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1472]}, 88) = 1472 [pid 1459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1459] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1459] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1472 attached ./strace-static-x86_64: Process 1471 attached [pid 1467] write(3, "1000", 4 [pid 1462] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] mkdir("./40", 0777 [pid 1472] set_robust_list(0x7f0aeccae9a0, 24 [pid 1471] set_robust_list(0x555594a056a0, 24 [pid 1467] <... write resumed>) = 4 [pid 1462] <... openat resumed>) = 3 [pid 287] <... mkdir resumed>) = 0 [pid 1472] <... set_robust_list resumed>) = 0 [pid 1471] <... set_robust_list resumed>) = 0 [pid 1467] close(3 [pid 1462] chdir("./file2" [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1472] rt_sigprocmask(SIG_SETMASK, [], [pid 1471] chdir("./38" [pid 1467] <... close resumed>) = 0 [pid 1462] <... chdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 1472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1471] <... chdir resumed>) = 0 [pid 1467] symlink("/dev/binderfs", "./binderfs"executing program [pid 1462] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] ioctl(3, LOOP_CLR_FD [pid 1472] write(4, "#! \n", 4 [pid 1471] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1467] <... symlink resumed>) = 0 [pid 1471] <... prctl resumed>) = 0 [pid 1467] write(1, "executing program\n", 18 [pid 1462] <... openat resumed>) = 4 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1472] <... write resumed>) = 4 [pid 1471] setpgid(0, 0 [pid 1467] <... write resumed>) = 18 [pid 1462] ioctl(4, LOOP_CLR_FD [pid 287] close(3 [pid 1471] <... setpgid resumed>) = 0 [pid 1467] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1462] <... ioctl resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1472] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1459] <... futex resumed>) = 0 [pid 1472] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] <... futex resumed>) = 0 [pid 1459] <... futex resumed>) = 1 [pid 1461] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1459] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1461] <... mmap resumed>) = 0x200000000000 [pid 1461] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1459] <... futex resumed>) = 0 [pid 1461] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1459] <... futex resumed>) = 0 [pid 1471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1467] <... futex resumed>) = 0 [pid 1462] close(4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1471] <... openat resumed>) = 3 [pid 1467] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1462] <... close resumed>) = 0 [pid 1471] write(3, "1000", 4 [pid 1467] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1473 [pid 1471] <... write resumed>) = 4 [pid 1467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1462] <... futex resumed>) = 1 [pid 1458] <... futex resumed>) = 0 [pid 1471] close(3 [pid 1467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] <... close resumed>) = 0 [pid 1467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1458] <... futex resumed>) = 0 [pid 1471] symlink("/dev/binderfs", "./binderfs"executing program [pid 1467] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1462] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1458] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1471] <... symlink resumed>) = 0 [pid 1467] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1471] write(1, "executing program\n", 18 [pid 1467] <... mprotect resumed>) = 0 [pid 1471] <... write resumed>) = 18 [pid 1467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1471] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1467] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1471] <... futex resumed>) = 0 [pid 1467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1471] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1467] <... clone3 resumed> => {parent_tid=[1474]}, 88) = 1474 [pid 1471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1467] rt_sigprocmask(SIG_SETMASK, [], [pid 1471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1459] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1467] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1462] <... openat resumed>) = 4 [pid 1471] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1467] <... futex resumed>) = 0 [pid 1462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- ./strace-static-x86_64: Process 1474 attached ./strace-static-x86_64: Process 1473 attached [pid 1472] <... futex resumed>) = ? [pid 1471] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1467] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1462] <... futex resumed>) = 1 [pid 1459] <... futex resumed>) = ? [pid 1458] <... futex resumed>) = 0 [pid 1474] set_robust_list(0x7f0aecccf9a0, 24 [pid 1473] set_robust_list(0x555594a056a0, 24 [pid 1472] +++ killed by SIGBUS +++ [pid 1471] <... mprotect resumed>) = 0 [pid 1462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... set_robust_list resumed>) = 0 [pid 1473] <... set_robust_list resumed>) = 0 [pid 1471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1461] +++ killed by SIGBUS +++ [pid 1459] +++ killed by SIGBUS +++ [pid 1458] <... futex resumed>) = 0 [pid 1474] rt_sigprocmask(SIG_SETMASK, [], [pid 1473] chdir("./40" [pid 1471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1462] write(4, "#! \n", 4 [pid 1458] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1473] <... chdir resumed>) = 0 [pid 1471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1474] memfd_create("syzkaller", 0 [pid 1473] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1462] <... write resumed>) = 4 [pid 1458] <... futex resumed>) = 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1474] <... memfd_create resumed>) = 3 [pid 1473] <... prctl resumed>) = 0 [pid 1462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1473] setpgid(0, 0 [pid 1471] <... clone3 resumed> => {parent_tid=[1475]}, 88) = 1475 [pid 1462] <... futex resumed>) = 0 [pid 1458] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1474] <... mmap resumed>) = 0x7f0ae48af000 [pid 1473] <... setpgid resumed>) = 0 [pid 1471] rt_sigprocmask(SIG_SETMASK, [], [pid 1462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1475 attached [pid 1473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1458] <... mprotect resumed>) = 0 [pid 1475] set_robust_list(0x7f0aecccf9a0, 24 [pid 1474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1473] <... openat resumed>) = 3 [pid 1471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1475] <... set_robust_list resumed>) = 0 [pid 1473] write(3, "1000", 4 [pid 1471] <... futex resumed>) = 0 [pid 1458] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 1475] rt_sigprocmask(SIG_SETMASK, [], [pid 1474] <... write resumed>) = 524288 [pid 1473] <... write resumed>) = 4 [pid 1474] munmap(0x7f0ae48af000, 138412032 [pid 1473] close(3 [pid 1471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1474] <... munmap resumed>) = 0 [pid 1473] <... close resumed>) = 0 [pid 1474] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1473] symlink("/dev/binderfs", "./binderfs"executing program [pid 1474] <... openat resumed>) = 4 [pid 1473] <... symlink resumed>) = 0 [pid 1474] ioctl(4, LOOP_SET_FD, 3 [pid 1473] write(1, "executing program\n", 18 [pid 1458] <... clone3 resumed> => {parent_tid=[1476]}, 88) = 1476 [pid 291] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1473] <... write resumed>) = 18 [pid 1458] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1473] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1473] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1473] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1458] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1473] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1458] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 1473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1458] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(3, "", [pid 1473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1473] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1473] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 291] getdents64(3, [pid 1473] <... mprotect resumed>) = 0 [pid 1473] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1473] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1473] <... clone3 resumed> => {parent_tid=[1478]}, 88) = 1478 [pid 1473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1473] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1473] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1474] <... ioctl resumed>) = 0 [pid 1474] close(3) = 0 [pid 1474] close(4./strace-static-x86_64: Process 1478 attached [pid 1478] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1478] memfd_create("syzkaller", 0) = 3 [pid 1475] memfd_create("syzkaller", 0) = 3 [pid 1475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 1476 attached [pid 1478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1476] set_robust_list(0x7f0aeccae9a0, 24 [pid 1475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1476] <... set_robust_list resumed>) = 0 [pid 1475] <... write resumed>) = 524288 [pid 1476] rt_sigprocmask(SIG_SETMASK, [], [pid 1475] munmap(0x7f0ae48af000, 138412032 [pid 1476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1475] <... munmap resumed>) = 0 [pid 1476] write(4, "#! \n", 4 [pid 1475] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1476] <... write resumed>) = 4 [pid 1476] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1458] <... futex resumed>) = 0 [pid 1458] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1462] <... futex resumed>) = 0 [pid 1458] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1462] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1458] <... futex resumed>) = 0 [pid 1462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1458] <... futex resumed>) = 0 [pid 1476] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1478] <... write resumed>) = 524288 [pid 1478] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1478] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1458] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1462] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1458] <... futex resumed>) = ? [pid 1476] <... futex resumed>) = ? [pid 1476] +++ killed by SIGBUS +++ [pid 1462] +++ killed by SIGBUS +++ [pid 1458] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1474] <... close resumed>) = 0 [pid 1474] mkdir("./file2", 0777) = 0 [pid 1474] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 40.710249][ T1461] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 40.744357][ T1462] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1475] <... openat resumed>) = 4 [pid 1478] <... openat resumed>) = 4 [pid 1478] ioctl(4, LOOP_SET_FD, 3 [pid 1475] ioctl(4, LOOP_SET_FD, 3 [pid 1478] <... ioctl resumed>) = 0 [pid 1478] close(3) = 0 [pid 1478] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./38/file2") = 0 [pid 291] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./38/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./38") = 0 [pid 291] mkdir("./39", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1475] <... ioctl resumed>) = 0 [pid 1475] close(3) = 0 [pid 1475] close(4 [pid 1478] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./37/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1478] mkdir("./file2", 0777 [pid 288] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./37/file2") = 0 [pid 288] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./37/binderfs", [pid 1478] <... mkdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1478] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] unlink("./37/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./37") = 0 [pid 288] mkdir("./38", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1474] <... mount resumed>) = 0 [pid 1474] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1474] chdir("./file2") = 0 [pid 1474] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1475] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 1475] mkdir("./file2", 0777) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 1475] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1474] <... openat resumed>) = 4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... openat resumed>) = 3 [pid 1474] ioctl(4, LOOP_CLR_FD [pid 291] close(3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 1474] <... ioctl resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1474] close(4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] close(3 [pid 1474] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 1474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1483 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1474] <... futex resumed>) = 1 [pid 1467] <... futex resumed>) = 0 [pid 1474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1484 ./strace-static-x86_64: Process 1484 attached [pid 1467] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] set_robust_list(0x555594a056a0, 24) = 0 [pid 1484] chdir("./38" [pid 1474] <... futex resumed>) = 0 [pid 1467] <... futex resumed>) = 1 [pid 1484] <... chdir resumed>) = 0 [pid 1484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1484] setpgid(0, 0 [pid 1474] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1467] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1484] <... setpgid resumed>) = 0 [pid 1484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1484] write(3, "1000", 4) = 4 [pid 1484] close(3) = 0 [pid 1484] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1484] write(1, "executing program\n", 18) = 18 [pid 1474] <... openat resumed>) = 4 [pid 1484] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1467] <... futex resumed>) = 0 [pid 1474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1467] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1467] <... futex resumed>) = 0 [pid 1484] <... futex resumed>) = 0 [pid 1474] write(4, "#! \n", 4 [pid 1467] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1483 attached [pid 1484] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1474] <... write resumed>) = 4 [pid 1467] <... futex resumed>) = 0 [pid 1474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1474] <... futex resumed>) = 0 [pid 1467] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1467] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1484] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1467] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1483] set_robust_list(0x555594a056a0, 24 [pid 1467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1483] <... set_robust_list resumed>) = 0 [pid 1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1483] chdir("./39" [pid 1484] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1484] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1467] <... clone3 resumed> => {parent_tid=[1485]}, 88) = 1485 [pid 1484] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1467] rt_sigprocmask(SIG_SETMASK, [], [pid 1483] <... chdir resumed>) = 0 [pid 1467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1483] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1467] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1483] <... prctl resumed>) = 0 [pid 1467] <... futex resumed>) = 0 [pid 1483] setpgid(0, 0 [pid 1484] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1483] <... setpgid resumed>) = 0 [pid 1483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1467] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 1483] <... openat resumed>) = 3 [pid 1484] <... clone3 resumed> => {parent_tid=[1488]}, 88) = 1488 [pid 1484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1484] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1483] write(3, "1000", 4) = 4 [pid 1483] close(3) = 0 [pid 1483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1483] write(1, "executing program\n", 18) = 18 [pid 1483] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1483] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1483] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1489]}, 88) = 1489 [pid 1483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1489 attached [pid 1489] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1489] memfd_create("syzkaller", 0) = 3 [pid 1489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1489] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1489] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1489] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1485 attached [pid 1485] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1485] write(4, "#! \n", 4) = 4 [pid 1485] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1467] <... futex resumed>) = 0 [pid 1485] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1467] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = 0 [pid 1467] <... futex resumed>) = 1 [pid 1474] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1467] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1474] <... mmap resumed>) = 0x200000000000 [pid 1474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1467] <... futex resumed>) = 0 [pid 1474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1467] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1467] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1488 attached [pid 1488] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1488] memfd_create("syzkaller", 0) = 3 [pid 1488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1488] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1488] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1489] <... ioctl resumed>) = 0 [pid 1489] close(3) = 0 [pid 1489] close(4 [pid 1467] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1475] <... mount resumed>) = 0 [pid 1475] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1475] chdir("./file2") = 0 [pid 1475] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1478] <... mount resumed>) = 0 [pid 1478] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1478] chdir("./file2") = 0 [pid 1478] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1485] <... futex resumed>) = ? [pid 1467] <... futex resumed>) = ? [pid 1485] +++ killed by SIGBUS +++ [pid 1474] +++ killed by SIGBUS +++ [pid 1467] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1467, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1489] <... close resumed>) = 0 [ 41.006860][ T1474] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1488] <... openat resumed>) = 4 [pid 1475] <... openat resumed>) = 4 [pid 1489] mkdir("./file2", 0777) = 0 [pid 1489] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1478] <... openat resumed>) = 4 [pid 1488] ioctl(4, LOOP_SET_FD, 3 [pid 1478] ioctl(4, LOOP_CLR_FD [pid 1475] ioctl(4, LOOP_CLR_FD [pid 1489] <... mount resumed>) = 0 [pid 1489] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1489] chdir("./file2") = 0 [pid 1489] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 1478] <... ioctl resumed>) = 0 [pid 1475] <... ioctl resumed>) = 0 [pid 1478] close(4 [pid 290] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1475] close(4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1488] <... ioctl resumed>) = 0 [pid 1478] <... close resumed>) = 0 [pid 1475] <... close resumed>) = 0 [pid 290] getdents64(4, [pid 1478] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] <... futex resumed>) = 1 [pid 1475] <... futex resumed>) = 1 [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1478] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1475] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1473] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 1478] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1475] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1473] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1489] <... openat resumed>) = 4 [pid 1488] close(3 [pid 1478] <... openat resumed>) = 4 [pid 1475] <... openat resumed>) = 4 [pid 290] close(4 [pid 1478] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 1478] <... futex resumed>) = 1 [pid 1475] <... futex resumed>) = 1 [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 290] rmdir("./39/file2" [pid 1489] ioctl(4, LOOP_CLR_FD [pid 1488] <... close resumed>) = 0 [pid 1478] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1475] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1473] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 1489] <... ioctl resumed>) = 0 [pid 1488] close(4 [pid 1478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 290] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1489] close(4 [pid 1478] write(4, "#! \n", 4 [pid 1475] write(4, "#! \n", 4 [pid 1473] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1478] <... write resumed>) = 4 [pid 1475] <... write resumed>) = 4 [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1478] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1478] <... futex resumed>) = 0 [pid 1475] <... futex resumed>) = 0 [pid 1473] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1471] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] unlink("./39/binderfs" [pid 1478] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1475] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1473] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1471] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... unlink resumed>) = 0 [pid 1473] <... mprotect resumed>) = 0 [pid 1471] <... mprotect resumed>) = 0 [pid 290] getdents64(3, [pid 1473] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1473] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] close(3 [pid 1473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./39" [pid 1473] <... clone3 resumed> => {parent_tid=[1497]}, 88) = 1497 [pid 1471] <... clone3 resumed> => {parent_tid=[1498]}, 88) = 1498 [pid 290] <... rmdir resumed>) = 0 [pid 1473] rt_sigprocmask(SIG_SETMASK, [], [pid 1471] rt_sigprocmask(SIG_SETMASK, [], [pid 290] mkdir("./40", 0777 [pid 1473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 1473] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1473] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 0 [pid 1473] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1471] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1498 attached [pid 1498] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1498] write(4, "#! \n", 4) = 4 [pid 1498] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1497 attached ) = 1 [pid 1471] <... futex resumed>) = 0 [pid 1471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 1 [pid 1475] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1498] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1497] set_robust_list(0x7f0aeccae9a0, 24 [pid 1475] <... mmap resumed>) = 0x200000000000 [pid 1475] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1497] <... set_robust_list resumed>) = 0 [pid 1497] rt_sigprocmask(SIG_SETMASK, [], [pid 1475] <... futex resumed>) = 1 [pid 1471] <... futex resumed>) = 0 [pid 1475] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1471] <... futex resumed>) = 0 [pid 1497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1497] write(4, "#! \n", 4) = 4 [pid 1497] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1497] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1473] <... futex resumed>) = 0 [pid 1473] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1473] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1478] <... futex resumed>) = 0 [pid 1478] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1478] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1473] <... futex resumed>) = 0 [pid 1478] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1473] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1473] <... futex resumed>) = 0 [pid 1475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1471] <... futex resumed>) = ? [pid 1498] <... futex resumed>) = ? [pid 1498] +++ killed by SIGBUS +++ [pid 1475] +++ killed by SIGBUS +++ [pid 1471] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1473] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1489] <... close resumed>) = 0 [pid 1488] <... close resumed>) = 0 [pid 1478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1489] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1488] mkdir("./file2", 0777 [pid 1497] <... futex resumed>) = ? [pid 1489] <... futex resumed>) = 1 [pid 1488] <... mkdir resumed>) = 0 [pid 1483] <... futex resumed>) = 0 [pid 1489] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1488] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1483] <... futex resumed>) = 0 [pid 1489] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1489] <... openat resumed>) = 4 [pid 1473] <... futex resumed>) = ? [pid 1489] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1483] <... futex resumed>) = 0 [pid 1489] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1497] +++ killed by SIGBUS +++ [pid 1489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1483] <... futex resumed>) = 0 [pid 1489] write(4, "#! \n", 4 [pid 1483] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1489] <... write resumed>) = 4 [pid 1483] <... futex resumed>) = 0 [pid 1489] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1489] <... futex resumed>) = 0 [pid 1483] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1489] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1483] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1478] +++ killed by SIGBUS +++ [pid 1473] +++ killed by SIGBUS +++ [pid 1483] <... mprotect resumed>) = 0 [pid 1483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1473, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 1483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1483] <... clone3 resumed> => {parent_tid=[1499]}, 88) = 1499 [pid 1483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1483] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1483] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1499 attached [pid 1499] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1499] write(4, "#! \n", 4) = 4 [pid 1499] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1483] <... futex resumed>) = 0 [pid 1483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1489] <... futex resumed>) = 0 [pid 1483] <... futex resumed>) = 1 [pid 1489] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1499] <... futex resumed>) = 1 [pid 1489] <... mmap resumed>) = 0x200000000000 [pid 1489] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1483] <... futex resumed>) = 0 [pid 1489] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1483] <... futex resumed>) = 0 [pid 1483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1499] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... restart_syscall resumed>) = 0 [ 41.133950][ T1475] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 41.135596][ T1478] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1483] <... futex resumed>) = ? [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 1499] <... futex resumed>) = ? [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, [pid 1499] +++ killed by SIGBUS +++ [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1489] +++ killed by SIGBUS +++ [pid 1483] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./40/file2") = 0 [pid 287] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./40/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./40") = 0 [pid 287] mkdir("./41", 0777) = 0 [ 41.170024][ T1489] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] close(3 [pid 1488] <... mount resumed>) = 0 [pid 1488] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1488] chdir("./file2") = 0 [pid 1488] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1502 [pid 291] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1488] <... openat resumed>) = 4 [pid 289] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... openat resumed>) = 3 [pid 1488] ioctl(4, LOOP_CLR_FD [pid 291] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] ioctl(3, LOOP_CLR_FD [pid 289] newfstatat(AT_FDCWD, "./38/file2", [pid 1488] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1488] close(4 [pid 291] newfstatat(4, "", [pid 287] close(3 [pid 1488] <... close resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... close resumed>) = 0 [pid 1488] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1488] <... futex resumed>) = 1 [pid 1484] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1488] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1484] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1484] <... futex resumed>) = 0 [pid 1484] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1503 [pid 1488] <... openat resumed>) = 4 [pid 291] getdents64(4, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1488] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 1488] <... futex resumed>) = 1 [pid 1484] <... futex resumed>) = 0 [pid 291] close(4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1488] write(4, "#! \n", 4 [pid 1484] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1488] <... write resumed>) = 4 [pid 1484] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 289] getdents64(4, [pid 1488] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1488] <... futex resumed>) = 0 [pid 1484] <... futex resumed>) = 0 [pid 291] rmdir("./39/file2" [pid 289] close(4./strace-static-x86_64: Process 1503 attached [pid 1488] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 291] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 1484] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1503] set_robust_list(0x555594a056a0, 24 [pid 1484] <... mprotect resumed>) = 0 [pid 291] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./38/file2" [pid 1503] <... set_robust_list resumed>) = 0 [pid 1484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... rmdir resumed>) = 0 [pid 1503] chdir("./41" [pid 1484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1484] <... clone3 resumed> => {parent_tid=[1504]}, 88) = 1504 [pid 291] unlink("./39/binderfs" [pid 1484] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... unlink resumed>) = 0 [pid 1484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] getdents64(3, [pid 1484] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1484] <... futex resumed>) = 0 [pid 291] close(3 [pid 1484] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./39") = 0 [pid 291] mkdir("./40", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 1503] <... chdir resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1503] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... close resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./38/binderfs", [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1505 [pid 289] unlink("./38/binderfs" [pid 1503] <... prctl resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 1503] setpgid(0, 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1503] <... setpgid resumed>) = 0 [pid 289] close(3) = 0 [pid 1503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] rmdir("./38"./strace-static-x86_64: Process 1505 attached [pid 1505] set_robust_list(0x555594a056a0, 24 [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./39", 0777 [pid 1503] <... openat resumed>) = 3 [pid 1505] <... set_robust_list resumed>) = 0 [pid 1505] chdir("./40" [pid 289] <... mkdir resumed>) = 0 [pid 1503] write(3, "1000", 4 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1503] <... write resumed>) = 4 [pid 289] <... openat resumed>) = 3 [pid 1503] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 1503] <... close resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1503] symlink("/dev/binderfs", "./binderfs" [pid 289] close(3) = 0 [pid 1503] <... symlink resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1505] <... chdir resumed>) = 0 [pid 1505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 1503] write(1, "executing program\n", 18) = 18 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1506 [pid 1503] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1505] setpgid(0, 0) = 0 [pid 1505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1503] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1503] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1507]}, 88) = 1507 [pid 1503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1503] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1503] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1507 attached ./strace-static-x86_64: Process 1506 attached ./strace-static-x86_64: Process 1504 attached ./strace-static-x86_64: Process 1502 attached [pid 1505] <... openat resumed>) = 3 [pid 1507] set_robust_list(0x7f0aecccf9a0, 24 [pid 1504] set_robust_list(0x7f0aeccae9a0, 24 [pid 1502] set_robust_list(0x555594a056a0, 24 [pid 1507] <... set_robust_list resumed>) = 0 [pid 1504] <... set_robust_list resumed>) = 0 [pid 1502] <... set_robust_list resumed>) = 0 [pid 1507] rt_sigprocmask(SIG_SETMASK, [], [pid 1506] set_robust_list(0x555594a056a0, 24 [pid 1504] rt_sigprocmask(SIG_SETMASK, [], [pid 1502] chdir("./40" [pid 1507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1506] <... set_robust_list resumed>) = 0 [pid 1505] write(3, "1000", 4 [pid 1504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1502] <... chdir resumed>) = 0 [pid 1507] memfd_create("syzkaller", 0 [pid 1506] chdir("./39" [pid 1505] <... write resumed>) = 4 [pid 1504] write(4, "#! \n", 4 [pid 1502] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1507] <... memfd_create resumed>) = 3 [pid 1506] <... chdir resumed>) = 0 [pid 1505] close(3 [pid 1504] <... write resumed>) = 4 [pid 1502] <... prctl resumed>) = 0 [pid 1507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1505] <... close resumed>) = 0 [pid 1504] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] setpgid(0, 0 [pid 1507] <... mmap resumed>) = 0x7f0ae48af000 [pid 1506] <... prctl resumed>) = 0 [pid 1505] symlink("/dev/binderfs", "./binderfs" [pid 1504] <... futex resumed>) = 1 [pid 1502] <... setpgid resumed>) = 0 [pid 1484] <... futex resumed>) = 0 [pid 1507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1506] setpgid(0, 0 [pid 1505] <... symlink resumed>) = 0 [pid 1504] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1484] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] <... write resumed>) = 524288 [pid 1506] <... setpgid resumed>) = 0 [pid 1505] write(1, "executing program\n", 18 [pid 1502] <... openat resumed>) = 3 executing program [pid 1484] <... futex resumed>) = 1 [pid 1488] <... futex resumed>) = 0 [pid 1506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1505] <... write resumed>) = 18 [pid 1502] write(3, "1000", 4 [pid 1488] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1484] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] munmap(0x7f0ae48af000, 138412032 [pid 1506] <... openat resumed>) = 3 [pid 1505] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] <... write resumed>) = 4 [pid 1488] <... mmap resumed>) = 0x200000000000 [pid 1507] <... munmap resumed>) = 0 [pid 1506] write(3, "1000", 4 [pid 1505] <... futex resumed>) = 0 [pid 1502] close(3 [pid 1488] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1506] <... write resumed>) = 4 [pid 1505] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1502] <... close resumed>) = 0 [pid 1488] <... futex resumed>) = 1 [pid 1484] <... futex resumed>) = 0 [pid 1507] <... openat resumed>) = 4 [pid 1506] close(3 [pid 1505] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1502] symlink("/dev/binderfs", "./binderfs" [pid 1488] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1484] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] ioctl(4, LOOP_SET_FD, 3executing program executing program [pid 1506] <... close resumed>) = 0 [pid 1505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1502] <... symlink resumed>) = 0 [pid 1488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1484] <... futex resumed>) = 0 [pid 1506] symlink("/dev/binderfs", "./binderfs" [pid 1505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1502] write(1, "executing program\n", 18 [pid 1506] <... symlink resumed>) = 0 [pid 1505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1502] <... write resumed>) = 18 [pid 1484] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1506] write(1, "executing program\n", 18 [pid 1505] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1502] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... write resumed>) = 18 [pid 1505] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1502] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1505] <... mprotect resumed>) = 0 [pid 1502] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1506] <... futex resumed>) = 0 [pid 1505] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1502] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1506] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1505] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1505] <... clone3 resumed> => {parent_tid=[1509]}, 88) = 1509 [pid 1502] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1505] rt_sigprocmask(SIG_SETMASK, [], [pid 1502] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1506] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1502] <... mprotect resumed>) = 0 [pid 1506] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1505] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1506] <... mprotect resumed>) = 0 [pid 1505] <... futex resumed>) = 0 [pid 1502] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1505] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1502] <... clone3 resumed> => {parent_tid=[1510]}, 88) = 1510 [pid 1502] rt_sigprocmask(SIG_SETMASK, [], [pid 1506] <... clone3 resumed> => {parent_tid=[1511]}, 88) = 1511 [pid 1502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1506] rt_sigprocmask(SIG_SETMASK, [], [pid 1502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1502] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1507] <... ioctl resumed>) = 0 [pid 1507] close(3) = 0 [pid 1507] close(4./strace-static-x86_64: Process 1509 attached [pid 1509] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1509] memfd_create("syzkaller", 0) = 3 [pid 1509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1509] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1509] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 1510 attached [pid 1510] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1510] memfd_create("syzkaller", 0) = 3 [pid 1510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 1511 attached [pid 1511] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1511] rt_sigprocmask(SIG_SETMASK, [], [pid 1488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1511] memfd_create("syzkaller", 0 [pid 1504] <... futex resumed>) = ? [pid 1484] <... futex resumed>) = ? [pid 1511] <... memfd_create resumed>) = 3 [pid 1504] +++ killed by SIGBUS +++ [pid 1511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1510] <... write resumed>) = 524288 [pid 1510] munmap(0x7f0ae48af000, 138412032 [pid 1511] <... write resumed>) = 524288 [pid 1511] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1511] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1488] +++ killed by SIGBUS +++ [pid 1484] +++ killed by SIGBUS +++ [pid 1510] <... munmap resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1484, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1510] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1511] <... openat resumed>) = 4 [pid 1510] <... openat resumed>) = 4 [pid 1509] <... openat resumed>) = 4 [pid 1507] <... close resumed>) = 0 [pid 1509] ioctl(4, LOOP_SET_FD, 3 [pid 1511] ioctl(4, LOOP_SET_FD, 3 [pid 1510] ioctl(4, LOOP_SET_FD, 3 [pid 1507] mkdir("./file2", 0777) = 0 [pid 1509] <... ioctl resumed>) = 0 [pid 1507] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1509] close(3 [pid 1510] <... ioctl resumed>) = 0 [pid 1509] <... close resumed>) = 0 [pid 1510] close(3 [pid 1509] close(4 [pid 1511] <... ioctl resumed>) = 0 [pid 1510] <... close resumed>) = 0 [pid 1511] close(3 [pid 1510] close(4 [pid 1511] <... close resumed>) = 0 [pid 1511] close(4 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 41.339605][ T1488] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1509] <... close resumed>) = 0 [pid 1509] mkdir("./file2", 0777) = 0 [pid 1509] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1507] <... mount resumed>) = 0 [pid 1507] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1507] chdir("./file2") = 0 [pid 1507] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1510] <... close resumed>) = 0 [pid 1510] mkdir("./file2", 0777) = 0 [pid 1510] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1511] <... close resumed>) = 0 [pid 1511] mkdir("./file2", 0777) = 0 [pid 1511] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1509] <... mount resumed>) = 0 [pid 1509] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1509] chdir("./file2") = 0 [pid 1509] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1507] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 1509] ioctl(4, LOOP_CLR_FD [pid 1507] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1509] <... ioctl resumed>) = 0 [pid 1507] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1509] close(4 [pid 1507] close(4 [pid 288] newfstatat(AT_FDCWD, "./38/file2", [pid 1509] <... close resumed>) = 0 [pid 1507] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1509] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./38/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1509] <... futex resumed>) = 1 [pid 1507] <... futex resumed>) = 1 [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1509] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1505] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 1509] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1507] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1505] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] newfstatat(4, "", [pid 1509] <... openat resumed>) = 4 [pid 1507] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1509] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] getdents64(4, [pid 1509] <... futex resumed>) = 1 [pid 1507] <... futex resumed>) = 1 [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1509] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1505] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] getdents64(4, [pid 1509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1509] write(4, "#! \n", 4 [pid 1507] write(4, "#! \n", 4 [pid 1505] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(4 [pid 1509] <... write resumed>) = 4 [pid 1507] <... write resumed>) = 4 [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 1509] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] rmdir("./38/file2" [pid 1509] <... futex resumed>) = 0 [pid 1507] <... futex resumed>) = 0 [pid 1505] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1503] <... mmap resumed>) = 0x7f0aecc8e000 [pid 288] <... rmdir resumed>) = 0 [pid 1509] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1505] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1503] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1505] <... mprotect resumed>) = 0 [pid 1503] <... mprotect resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1505] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1503] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] newfstatat(AT_FDCWD, "./38/binderfs", [pid 1505] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] unlink("./38/binderfs") = 0 [pid 1505] <... clone3 resumed> => {parent_tid=[1523]}, 88) = 1523 [pid 1503] <... clone3 resumed> => {parent_tid=[1524]}, 88) = 1524 [pid 288] getdents64(3, [pid 1505] rt_sigprocmask(SIG_SETMASK, [], [pid 1503] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] close(3./strace-static-x86_64: Process 1524 attached ./strace-static-x86_64: Process 1523 attached [pid 1505] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 1524] set_robust_list(0x7f0aeccae9a0, 24 [pid 1523] set_robust_list(0x7f0aeccae9a0, 24 [pid 1511] <... mount resumed>) = 0 [pid 1510] <... mount resumed>) = 0 [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] rmdir("./38" [pid 1524] <... set_robust_list resumed>) = 0 [pid 1523] <... set_robust_list resumed>) = 0 [pid 1511] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1510] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1505] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... rmdir resumed>) = 0 [pid 1524] rt_sigprocmask(SIG_SETMASK, [], [pid 1523] rt_sigprocmask(SIG_SETMASK, [], [pid 1511] <... openat resumed>) = 3 [pid 1510] <... openat resumed>) = 3 [pid 288] mkdir("./39", 0777 [pid 1524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1511] chdir("./file2" [pid 1510] chdir("./file2" [pid 1524] write(4, "#! \n", 4 [pid 1523] write(4, "#! \n", 4 [pid 1524] <... write resumed>) = 4 [pid 1523] <... write resumed>) = 4 [pid 1511] <... chdir resumed>) = 0 [pid 1510] <... chdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 1524] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1523] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1511] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1524] <... futex resumed>) = 1 [pid 1523] <... futex resumed>) = 1 [pid 1510] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1505] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1524] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1523] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1511] <... openat resumed>) = 4 [pid 1510] <... openat resumed>) = 4 [pid 1505] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1511] ioctl(4, LOOP_CLR_FD [pid 1510] ioctl(4, LOOP_CLR_FD [pid 1509] <... futex resumed>) = 0 [pid 1505] <... futex resumed>) = 1 [pid 1507] <... futex resumed>) = 0 [pid 1503] <... futex resumed>) = 1 [pid 288] <... openat resumed>) = 3 [pid 1511] <... ioctl resumed>) = 0 [pid 1510] <... ioctl resumed>) = 0 [pid 1509] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1507] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1505] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] ioctl(3, LOOP_CLR_FD [pid 1511] close(4 [pid 1509] <... mmap resumed>) = 0x200000000000 [pid 1507] <... mmap resumed>) = 0x200000000000 [pid 1509] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1511] <... close resumed>) = 0 [pid 1510] close(4 [pid 1509] <... futex resumed>) = 1 [pid 1507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1505] <... futex resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1511] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] <... close resumed>) = 0 [pid 1509] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1507] <... futex resumed>) = 1 [pid 1505] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] <... futex resumed>) = 0 [pid 288] close(3 [pid 1511] <... futex resumed>) = 1 [pid 1510] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1506] <... futex resumed>) = 0 [pid 1505] <... futex resumed>) = 0 [pid 1503] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 1511] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1510] <... futex resumed>) = 1 [pid 1502] <... futex resumed>) = 0 [pid 1507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1510] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1505] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] <... futex resumed>) = 0 [pid 1502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1511] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1510] <... openat resumed>) = 4 [pid 1506] <... futex resumed>) = 0 [pid 1503] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1502] <... futex resumed>) = 0 [pid 1511] <... openat resumed>) = 4 [pid 1510] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1525 [pid 1511] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] <... futex resumed>) = 0 [pid 1506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1511] <... futex resumed>) = 0 [pid 1510] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1511] write(4, "#! \n", 4 [pid 1510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1506] <... futex resumed>) = 0 [pid 1502] <... futex resumed>) = 0 [pid 1511] <... write resumed>) = 4 [pid 1510] write(4, "#! \n", 4 [pid 1506] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1511] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] <... write resumed>) = 4 [pid 1506] <... futex resumed>) = 0 [pid 1502] <... futex resumed>) = 0 [pid 1511] <... futex resumed>) = 0 [pid 1510] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1511] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1510] <... futex resumed>) = 0 [pid 1506] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1502] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1510] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1506] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1502] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1506] <... mprotect resumed>) = 0 [pid 1502] <... mprotect resumed>) = 0 [pid 1506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1502] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1502] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1506] <... clone3 resumed> => {parent_tid=[1526]}, 88) = 1526 [pid 1502] <... clone3 resumed> => {parent_tid=[1527]}, 88) = 1527 [pid 1506] rt_sigprocmask(SIG_SETMASK, [], [pid 1502] rt_sigprocmask(SIG_SETMASK, [], [pid 1506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1506] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... futex resumed>) = 0 [pid 1502] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1502] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1527 attached [pid 1527] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1527] write(4, "#! \n", 4) = 4 [pid 1527] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1502] <... futex resumed>) = 0 [pid 1502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] <... futex resumed>) = 0 [pid 1502] <... futex resumed>) = 1 [pid 1510] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1510] <... mmap resumed>) = 0x200000000000 [pid 1510] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1502] <... futex resumed>) = 0 [pid 1510] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1502] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1526 attached ./strace-static-x86_64: Process 1525 attached [pid 1527] <... futex resumed>) = 1 [pid 1509] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1525] set_robust_list(0x555594a056a0, 24 [pid 1524] <... futex resumed>) = ? [pid 1525] <... set_robust_list resumed>) = 0 [pid 1525] chdir("./39") = 0 [pid 1525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1525] setpgid(0, 0) = 0 [pid 1525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1525] write(3, "1000", 4executing program ) = 4 [pid 1525] close(3) = 0 [pid 1525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1525] write(1, "executing program\n", 18) = 18 [pid 1525] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1525] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1525] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1528]}, 88) = 1528 [pid 1525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1525] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1525] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1523] <... futex resumed>) = ? [pid 1526] set_robust_list(0x7f0aeccae9a0, 24 [pid 1527] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1526] <... set_robust_list resumed>) = 0 [pid 1526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1526] write(4, "#! \n", 4) = 4 [pid 1526] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1526] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] <... futex resumed>) = ? [pid 1524] +++ killed by SIGBUS +++ [pid 1507] +++ killed by SIGBUS +++ [pid 1503] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1503, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 1528 attached [pid 1528] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1528] memfd_create("syzkaller", 0) = 3 [pid 1528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1528] <... write resumed>) = 524288 [pid 1528] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1528] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1505] <... futex resumed>) = ? [pid 1510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1527] <... futex resumed>) = ? [pid 1502] <... futex resumed>) = ? [pid 1511] <... futex resumed>) = 0 [pid 1506] <... futex resumed>) = 1 [pid 1523] +++ killed by SIGBUS +++ [pid 1511] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1509] +++ killed by SIGBUS +++ [pid 1511] <... mmap resumed>) = 0x200000000000 [pid 1506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1527] +++ killed by SIGBUS +++ [pid 1505] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1511] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1511] <... futex resumed>) = 1 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1510] +++ killed by SIGBUS +++ [pid 1502] +++ killed by SIGBUS +++ [pid 1528] ioctl(4, LOOP_SET_FD, 3 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1528] <... ioctl resumed>) = 0 [pid 1528] close(3) = 0 [pid 1528] close(4) = 0 [ 41.664501][ T1509] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 41.675817][ T1507] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 41.690304][ T1510] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1528] mkdir("./file2", 0777) = 0 [pid 1528] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... restart_syscall resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 1511] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1526] <... futex resumed>) = ? [pid 1506] <... futex resumed>) = ? [pid 290] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1526] +++ killed by SIGBUS +++ [pid 291] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1511] +++ killed by SIGBUS +++ [pid 1506] +++ killed by SIGBUS +++ [pid 291] <... openat resumed>) = 3 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1506, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1528] <... mount resumed>) = 0 [pid 1528] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1528] <... openat resumed>) = 3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1528] chdir("./file2") = 0 [pid 1528] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./41/file2") = 0 [pid 287] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./41/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./41") = 0 [pid 287] mkdir("./42", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1532 ./strace-static-x86_64: Process 1532 attached [pid 1532] set_robust_list(0x555594a056a0, 24) = 0 [pid 1532] chdir("./42") = 0 [pid 1532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1532] setpgid(0, 0) = 0 [pid 1532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1532] write(3, "1000", 4) = 4 [pid 1532] close(3) = 0 [pid 1532] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1532] write(1, "executing program\n", 18) = 18 [pid 1532] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1532] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1532] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1533]}, 88) = 1533 [pid 1532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1532] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1532] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1533 attached [ 41.711856][ T1511] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1533] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1533] memfd_create("syzkaller", 0) = 3 [pid 1533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1533] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1528] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 1528] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1533] ioctl(4, LOOP_SET_FD, 3 [pid 1528] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1533] <... ioctl resumed>) = 0 [pid 1528] close(4 [pid 291] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1533] close(3 [pid 1528] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1533] <... close resumed>) = 0 [pid 1528] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./40/file2", [pid 290] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] newfstatat(AT_FDCWD, "./39/file2", [pid 1533] close(4 [pid 1528] <... futex resumed>) = 1 [pid 1525] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... openat resumed>) = 4 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1528] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(4, "", [pid 289] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1525] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1528] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1525] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] getdents64(4, [pid 289] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1528] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1528] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 290] getdents64(4, [pid 289] <... openat resumed>) = 4 [pid 1528] <... futex resumed>) = 1 [pid 1525] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] newfstatat(4, "", [pid 1528] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(4 [pid 1528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1525] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 290] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1528] write(4, "#! \n", 4 [pid 1525] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] rmdir("./40/file2" [pid 1528] <... write resumed>) = 4 [pid 1525] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 1528] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] getdents64(4, [pid 290] <... rmdir resumed>) = 0 [pid 1528] <... futex resumed>) = 0 [pid 1525] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1528] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] getdents64(4, [pid 1525] <... mprotect resumed>) = 0 [pid 291] close(4 [pid 290] newfstatat(AT_FDCWD, "./40/binderfs", [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1525] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] close(4 [pid 1525] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] rmdir("./40/file2" [pid 290] unlink("./40/binderfs" [pid 289] <... close resumed>) = 0 [pid 1525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... unlink resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] getdents64(3, [pid 289] rmdir("./39/file2" [pid 1525] <... clone3 resumed> => {parent_tid=[1535]}, 88) = 1535 [pid 291] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1525] rt_sigprocmask(SIG_SETMASK, [], [pid 290] close(3 [pid 1525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 1525] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] rmdir("./40" [pid 289] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1535 attached [pid 1525] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./40/binderfs", [pid 290] <... rmdir resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1525] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] mkdir("./41", 0777 [pid 1535] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./39/binderfs", [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] unlink("./40/binderfs" [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1535] <... set_robust_list resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 289] unlink("./39/binderfs" [pid 291] getdents64(3, [pid 1535] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... unlink resumed>) = 0 [pid 291] close(3 [pid 289] getdents64(3, [pid 1535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1535] write(4, "#! \n", 4) = 4 [pid 291] rmdir("./40" [pid 289] close(3 [pid 1535] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1525] <... futex resumed>) = 0 [pid 1535] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1528] <... futex resumed>) = 0 [pid 1525] <... futex resumed>) = 1 [pid 1528] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1525] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 1528] <... mmap resumed>) = 0x200000000000 [pid 291] mkdir("./41", 0777 [pid 289] rmdir("./39" [pid 1528] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1525] <... futex resumed>) = 0 [pid 1528] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1525] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] mkdir("./40", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1525] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1535] <... futex resumed>) = ? [pid 1525] <... futex resumed>) = ? [pid 1535] +++ killed by SIGBUS +++ [pid 1528] +++ killed by SIGBUS +++ [pid 1525] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1533] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 1533] mkdir("./file2", 0777 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 1533] <... mkdir resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [ 41.901005][ T1528] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1533] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 290] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1536 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1537 ./strace-static-x86_64: Process 1537 attached [pid 1537] set_robust_list(0x555594a056a0, 24) = 0 [pid 1537] chdir("./40") = 0 [pid 1537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1537] setpgid(0, 0) = 0 [pid 1537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 1536 attached [pid 1537] write(3, "1000", 4 [pid 1536] set_robust_list(0x555594a056a0, 24 [pid 1537] <... write resumed>) = 4 [pid 1537] close(3) = 0 [pid 1536] <... set_robust_list resumed>) = 0 [pid 1536] chdir("./41" [pid 1537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1536] <... chdir resumed>) = 0 [pid 1536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1536] setpgid(0, 0) = 0 [pid 1536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1537] write(1, "executing program\n", 18executing program ) = 18 [pid 1537] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... openat resumed>) = 3 [pid 1537] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1537] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1536] write(3, "1000", 4) = 4 [pid 1537] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1536] close(3 [pid 1537] <... mprotect resumed>) = 0 [pid 1536] <... close resumed>) = 0 [pid 1537] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1536] symlink("/dev/binderfs", "./binderfs" [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1538 [pid 1536] <... symlink resumed>) = 0 [pid 1537] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1536] write(1, "executing program\n", 18executing program ) = 18 [pid 1536] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 288] <... umount2 resumed>) = 0 [pid 1537] <... clone3 resumed> => {parent_tid=[1540]}, 88) = 1540 [pid 1536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1537] rt_sigprocmask(SIG_SETMASK, [], [pid 1536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1536] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1537] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1537] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1536] <... mprotect resumed>) = 0 [pid 1536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1541]}, 88) = 1541 [pid 1536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1536] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 288] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1538 attached [pid 1538] set_robust_list(0x555594a056a0, 24) = 0 [pid 1538] chdir("./41") = 0 [pid 1538] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] umount2("./39/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1538] <... prctl resumed>) = 0 [pid 1538] setpgid(0, 0) = 0 [pid 1538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1538] write(3, "1000", 4) = 4 [pid 1538] close(3) = 0 [pid 1538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1538] write(1, "executing program\n", 18executing program ) = 18 [pid 1533] <... mount resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1533] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 1541 attached ./strace-static-x86_64: Process 1540 attached [pid 1533] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 4 [pid 1541] set_robust_list(0x7f0aecccf9a0, 24 [pid 1540] set_robust_list(0x7f0aecccf9a0, 24 [pid 1533] chdir("./file2" [pid 288] newfstatat(4, "", [pid 1538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... set_robust_list resumed>) = 0 [pid 1541] rt_sigprocmask(SIG_SETMASK, [], [pid 1533] <... chdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1533] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] getdents64(4, [pid 1533] <... openat resumed>) = 4 [pid 1541] memfd_create("syzkaller", 0 [pid 1540] <... set_robust_list resumed>) = 0 [pid 1533] ioctl(4, LOOP_CLR_FD [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1533] <... ioctl resumed>) = 0 [pid 288] getdents64(4, [pid 1533] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1533] <... close resumed>) = 0 [pid 288] close(4 [pid 1533] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 1533] <... futex resumed>) = 1 [pid 1532] <... futex resumed>) = 0 [pid 288] rmdir("./39/file2" [pid 1533] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1532] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1540] memfd_create("syzkaller", 0) = 3 [pid 1532] <... futex resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 1533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1532] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1533] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 288] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1533] <... openat resumed>) = 4 [pid 288] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1533] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1532] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1533] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1532] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] unlink("./39/binderfs" [pid 1533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1532] <... futex resumed>) = 0 [pid 1538] <... futex resumed>) = 0 [pid 1541] <... memfd_create resumed>) = 3 [pid 288] <... unlink resumed>) = 0 [pid 1532] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1533] write(4, "#! \n", 4 [pid 1532] <... futex resumed>) = 0 [pid 288] getdents64(3, [pid 1538] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1533] <... write resumed>) = 4 [pid 1532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1533] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1533] <... futex resumed>) = 0 [pid 1532] <... mmap resumed>) = 0x7f0aecc8e000 [pid 288] close(3 [pid 1533] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1532] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] <... close resumed>) = 0 [pid 1532] <... mprotect resumed>) = 0 [pid 288] rmdir("./39" [pid 1538] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1532] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 1532] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] mkdir("./40", 0777 [pid 1532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1541] <... mmap resumed>) = 0x7f0ae48af000 ./strace-static-x86_64: Process 1543 attached [pid 1541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] <... mkdir resumed>) = 0 [pid 1541] <... write resumed>) = 524288 [pid 1538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1532] <... clone3 resumed> => {parent_tid=[1543]}, 88) = 1543 [pid 1538] <... mmap resumed>) = 0x7f0aeccaf000 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1538] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1532] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... openat resumed>) = 3 [pid 1532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1538] <... mprotect resumed>) = 0 [pid 1532] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] ioctl(3, LOOP_CLR_FD [pid 1532] <... futex resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1532] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] close(3 [pid 1543] set_robust_list(0x7f0aeccae9a0, 24 [pid 1541] munmap(0x7f0ae48af000, 138412032 [pid 288] <... close resumed>) = 0 [pid 1543] <... set_robust_list resumed>) = 0 [pid 1541] <... munmap resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1543] rt_sigprocmask(SIG_SETMASK, [], [pid 1541] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1541] <... openat resumed>) = 4 [pid 1543] write(4, "#! \n", 4 [pid 1541] ioctl(4, LOOP_SET_FD, 3 [pid 1543] <... write resumed>) = 4 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1544 [pid 1543] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1538] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1532] <... futex resumed>) = 0 [pid 1543] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1538] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1532] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1533] <... futex resumed>) = 0 [pid 1532] <... futex resumed>) = 1 [pid 1533] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1532] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1533] <... mmap resumed>) = 0x200000000000 [pid 1538] <... clone3 resumed> => {parent_tid=[1546]}, 88) = 1546 [pid 1533] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1538] rt_sigprocmask(SIG_SETMASK, [], [pid 1533] <... futex resumed>) = 1 [pid 1532] <... futex resumed>) = 0 [pid 1538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1533] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1532] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1538] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1532] <... futex resumed>) = 0 [pid 1540] <... write resumed>) = 524288 [pid 1540] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1540] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1544 attached [pid 1544] set_robust_list(0x555594a056a0, 24) = 0 [pid 1544] chdir("./40") = 0 [pid 1544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1544] setpgid(0, 0) = 0 [pid 1544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1544] write(3, "1000", 4) = 4 [pid 1544] close(3) = 0 [pid 1544] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1544] write(1, "executing program\n", 18) = 18 [pid 1544] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1544] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1547]}, 88) = 1547 [pid 1544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1544] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1547 attached [pid 1547] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1547] memfd_create("syzkaller", 0) = 3 [pid 1547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1547] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1547] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1541] <... ioctl resumed>) = 0 [pid 1540] <... openat resumed>) = 4 [pid 1540] ioctl(4, LOOP_SET_FD, 3 [pid 1541] close(3) = 0 [pid 1541] close(4./strace-static-x86_64: Process 1546 attached [pid 1546] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1546] memfd_create("syzkaller", 0) = 3 [pid 1546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1532] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1538] <... futex resumed>) = 0 [pid 1538] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1547] <... openat resumed>) = 4 [pid 1543] <... futex resumed>) = ? [pid 1540] <... ioctl resumed>) = 0 [pid 1532] <... futex resumed>) = ? [pid 1547] ioctl(4, LOOP_SET_FD, 3 [pid 1540] close(3) = 0 [pid 1540] close(4 [pid 1543] +++ killed by SIGBUS +++ [pid 1546] <... write resumed>) = 524288 [pid 1533] +++ killed by SIGBUS +++ [pid 1532] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1546] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1546] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1541] <... close resumed>) = 0 [pid 1547] <... ioctl resumed>) = 0 [pid 1541] mkdir("./file2", 0777 [pid 1547] close(3) = 0 [pid 1547] close(4 [pid 1541] <... mkdir resumed>) = 0 [ 42.044821][ T1533] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1541] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1546] <... openat resumed>) = 4 [pid 1540] <... close resumed>) = 0 [pid 1540] mkdir("./file2", 0777 [pid 1546] ioctl(4, LOOP_SET_FD, 3 [pid 1540] <... mkdir resumed>) = 0 [pid 1540] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1547] <... close resumed>) = 0 [pid 1546] <... ioctl resumed>) = 0 [pid 1547] mkdir("./file2", 0777) = 0 [pid 1546] close(3 [pid 287] <... umount2 resumed>) = 0 [pid 1547] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1546] <... close resumed>) = 0 [pid 287] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1546] close(4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./42/file2") = 0 [pid 287] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./42/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./42") = 0 [pid 287] mkdir("./43", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1541] <... mount resumed>) = 0 [pid 1540] <... mount resumed>) = 0 [pid 1540] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1540] chdir("./file2") = 0 [pid 1540] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1541] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1547] <... mount resumed>) = 0 [pid 1541] chdir("./file2" [pid 1547] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1547] chdir("./file2") = 0 [pid 1547] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1541] <... chdir resumed>) = 0 [pid 1541] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1547] <... openat resumed>) = 4 [pid 1546] <... close resumed>) = 0 [pid 1541] <... openat resumed>) = 4 [pid 1540] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 1547] ioctl(4, LOOP_CLR_FD [pid 1541] ioctl(4, LOOP_CLR_FD [pid 1540] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 1547] <... ioctl resumed>) = 0 [pid 1541] <... ioctl resumed>) = 0 [pid 1540] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1547] close(4 [pid 1546] mkdir("./file2", 0777 [pid 1541] close(4 [pid 1540] close(4 [pid 287] close(3 [pid 1546] <... mkdir resumed>) = 0 [pid 1546] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1541] <... close resumed>) = 0 [pid 1547] <... close resumed>) = 0 [pid 1540] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... futex resumed>) = 1 [pid 1540] <... futex resumed>) = 1 [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1547] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1540] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1537] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1544] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1559 [pid 1547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1544] <... futex resumed>) = 0 [pid 1541] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1540] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1537] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1536] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1559 attached [pid 1547] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1544] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1541] <... openat resumed>) = 4 [pid 1540] <... openat resumed>) = 4 [pid 1559] set_robust_list(0x555594a056a0, 24 [pid 1547] <... openat resumed>) = 4 [pid 1541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... futex resumed>) = 1 [pid 1540] <... futex resumed>) = 1 [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 1547] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1540] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1537] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1544] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 1559] <... set_robust_list resumed>) = 0 [pid 1547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1544] <... futex resumed>) = 0 [pid 1541] write(4, "#! \n", 4 [pid 1540] write(4, "#! \n", 4 [pid 1537] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] chdir("./43" [pid 1547] write(4, "#! \n", 4 [pid 1546] <... mount resumed>) = 0 [pid 1544] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... write resumed>) = 4 [pid 1540] <... write resumed>) = 4 [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 1559] <... chdir resumed>) = 0 [pid 1547] <... write resumed>) = 4 [pid 1546] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1544] <... futex resumed>) = 0 [pid 1541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1559] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1546] <... openat resumed>) = 3 [pid 1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1541] <... futex resumed>) = 0 [pid 1540] <... futex resumed>) = 0 [pid 1537] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1536] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1559] <... prctl resumed>) = 0 [pid 1547] <... futex resumed>) = 0 [pid 1546] chdir("./file2" [pid 1544] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1540] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1537] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1536] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1559] setpgid(0, 0 [pid 1547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1546] <... chdir resumed>) = 0 [pid 1544] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1537] <... mprotect resumed>) = 0 [pid 1536] <... mprotect resumed>) = 0 [pid 1559] <... setpgid resumed>) = 0 [pid 1546] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1544] <... mprotect resumed>) = 0 [pid 1537] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1536] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1546] <... openat resumed>) = 4 [pid 1544] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1537] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1536] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1559] <... openat resumed>) = 3 [pid 1546] ioctl(4, LOOP_CLR_FD [pid 1544] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 1561 attached [pid 1559] write(3, "1000", 4 [pid 1546] <... ioctl resumed>) = 0 [pid 1544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1559] <... write resumed>) = 4 [pid 1546] close(4./strace-static-x86_64: Process 1563 attached ./strace-static-x86_64: Process 1562 attached [pid 1561] set_robust_list(0x7f0aeccae9a0, 24 [pid 1559] close(3 [pid 1546] <... close resumed>) = 0 [pid 1537] <... clone3 resumed> => {parent_tid=[1561]}, 88) = 1561 [pid 1536] <... clone3 resumed> => {parent_tid=[1562]}, 88) = 1562 [pid 1563] set_robust_list(0x7f0aeccae9a0, 24 [pid 1562] set_robust_list(0x7f0aeccae9a0, 24 [pid 1561] <... set_robust_list resumed>) = 0 [pid 1544] <... clone3 resumed> => {parent_tid=[1563]}, 88) = 1563 [pid 1537] rt_sigprocmask(SIG_SETMASK, [], [pid 1536] rt_sigprocmask(SIG_SETMASK, [], [pid 1563] <... set_robust_list resumed>) = 0 [pid 1562] <... set_robust_list resumed>) = 0 [pid 1561] rt_sigprocmask(SIG_SETMASK, [], [pid 1544] rt_sigprocmask(SIG_SETMASK, [], [pid 1537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1563] rt_sigprocmask(SIG_SETMASK, [], [pid 1562] rt_sigprocmask(SIG_SETMASK, [], [pid 1561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1537] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1561] write(4, "#! \n", 4 [pid 1559] <... close resumed>) = 0 [pid 1546] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1537] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 0 [pid 1563] write(4, "#! \n", 4 [pid 1561] <... write resumed>) = 4 [pid 1559] symlink("/dev/binderfs", "./binderfs" [pid 1546] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1538] <... futex resumed>) = 0 [pid 1537] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1536] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1563] <... write resumed>) = 4 [pid 1562] write(4, "#! \n", 4 executing program [pid 1561] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... symlink resumed>) = 0 [pid 1546] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1544] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1538] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1563] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1562] <... write resumed>) = 4 [pid 1561] <... futex resumed>) = 0 [pid 1559] write(1, "executing program\n", 18 [pid 1546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1538] <... futex resumed>) = 0 [pid 1537] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1563] <... futex resumed>) = 0 [pid 1562] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1561] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] <... write resumed>) = 18 [pid 1546] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1544] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] <... futex resumed>) = 0 [pid 1538] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1563] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1562] <... futex resumed>) = 1 [pid 1559] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1547] <... futex resumed>) = 0 [pid 1546] <... openat resumed>) = 4 [pid 1544] <... futex resumed>) = 1 [pid 1536] <... futex resumed>) = 0 [pid 1559] <... futex resumed>) = 0 [pid 1546] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1546] <... futex resumed>) = 0 [pid 1559] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1546] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1547] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1540] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1537] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1544] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1536] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1562] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1547] <... mmap resumed>) = 0x200000000000 [pid 1559] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1541] <... futex resumed>) = 0 [pid 1536] <... futex resumed>) = 1 [pid 1559] <... mprotect resumed>) = 0 [pid 1547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] <... mmap resumed>) = 0x200000000000 [pid 1538] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1547] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1541] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1546] <... futex resumed>) = 0 [pid 1540] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1538] <... futex resumed>) = 1 [pid 1536] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1544] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1546] write(4, "#! \n", 4 [pid 1541] <... mmap resumed>) = 0x200000000000 [pid 1559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1544] <... futex resumed>) = 0 [pid 1540] <... futex resumed>) = 1 [pid 1538] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1537] <... futex resumed>) = 0 [pid 1546] <... write resumed>) = 4 [pid 1541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... clone3 resumed> => {parent_tid=[1564]}, 88) = 1564 [pid 1559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1559] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1564 attached [pid 1564] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1564] memfd_create("syzkaller", 0) = 3 [pid 1564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1564] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1564] ioctl(4, LOOP_SET_FD, 3 [pid 1544] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1540] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1538] <... futex resumed>) = 0 [pid 1538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1538] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1565]}, 88) = 1565 [pid 1538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1538] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1538] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] <... futex resumed>) = 0 [pid 1537] <... futex resumed>) = 1 ./strace-static-x86_64: Process 1565 attached [pid 1547] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1546] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1541] <... futex resumed>) = 1 [pid 1537] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1536] <... futex resumed>) = 0 [pid 1546] <... futex resumed>) = 0 [pid 1541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1536] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1565] set_robust_list(0x7f0aeccae9a0, 24 [pid 1546] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1536] <... futex resumed>) = 0 [pid 1565] <... set_robust_list resumed>) = 0 [pid 1564] <... ioctl resumed>) = 0 [pid 1544] <... futex resumed>) = ? [pid 1540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1536] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1565] write(4, "#! \n", 4) = 4 [pid 1565] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1538] <... futex resumed>) = 0 [pid 1565] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1538] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1546] <... futex resumed>) = 0 [pid 1538] <... futex resumed>) = 1 [pid 1546] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1538] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1546] <... mmap resumed>) = 0x200000000000 [ 42.351699][ T1547] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 42.360034][ T1540] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 42.368378][ T1541] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1546] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1538] <... futex resumed>) = 0 [pid 1564] close(3 [pid 1563] <... futex resumed>) = ? [pid 1561] <... futex resumed>) = ? [pid 1541] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1538] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1562] <... futex resumed>) = ? [pid 1564] <... close resumed>) = 0 [pid 1564] close(4) = 0 [pid 1564] mkdir("./file2", 0777) = 0 [pid 1564] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1546] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1537] <... futex resumed>) = ? [pid 1536] <... futex resumed>) = ? [pid 1538] <... futex resumed>) = ? [pid 1562] +++ killed by SIGBUS +++ [pid 1561] +++ killed by SIGBUS +++ [pid 1563] +++ killed by SIGBUS +++ [pid 1541] +++ killed by SIGBUS +++ [pid 1536] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1536, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 1547] +++ killed by SIGBUS +++ [pid 1540] +++ killed by SIGBUS +++ [pid 1537] +++ killed by SIGBUS +++ [pid 1544] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1537, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1544, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1565] <... futex resumed>) = ? [pid 289] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1565] +++ killed by SIGBUS +++ [pid 1546] +++ killed by SIGBUS +++ [pid 1538] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... restart_syscall resumed>) = 0 [pid 290] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 288] newfstatat(3, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 288] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1564] <... mount resumed>) = 0 [pid 1564] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1564] chdir("./file2") = 0 [pid 1564] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./40/file2") = 0 [pid 289] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./40/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./40") = 0 [pid 289] mkdir("./41", 0777) = 0 [ 42.385111][ T1546] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1564] <... openat resumed>) = 4 [pid 1564] ioctl(4, LOOP_CLR_FD) = 0 [pid 1564] close(4) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 1564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] <... futex resumed>) = 0 [pid 1564] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1559] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... openat resumed>) = 4 [pid 1559] <... futex resumed>) = 0 [pid 1564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1564] <... futex resumed>) = 0 [pid 1559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1564] write(4, "#! \n", 4 [pid 1559] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... write resumed>) = 4 [pid 1559] <... futex resumed>) = 0 [pid 1564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... futex resumed>) = 0 [pid 1559] <... futex resumed>) = 0 [pid 1564] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1559] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1569]}, 88) = 1569 [pid 1559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1559] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1569 attached [pid 1569] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1569] write(4, "#! \n", 4) = 4 [pid 1569] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... futex resumed>) = 0 [pid 1559] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... futex resumed>) = 0 [pid 1559] <... futex resumed>) = 1 [pid 1564] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1559] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 1564] <... mmap resumed>) = 0x200000000000 [pid 1564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] <... futex resumed>) = 0 [pid 1564] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1559] <... futex resumed>) = 0 [pid 1569] <... futex resumed>) = 1 [pid 291] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./41/file2", [pid 290] newfstatat(AT_FDCWD, "./41/file2", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./40/file2", [pid 291] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./40/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] newfstatat(4, "", [pid 290] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 291] close(4 [pid 290] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 288] close(4 [pid 291] rmdir("./41/file2" [pid 290] rmdir("./41/file2" [pid 288] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 288] rmdir("./40/file2" [pid 291] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./41/binderfs", [pid 290] newfstatat(AT_FDCWD, "./41/binderfs", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./40/binderfs", [pid 291] unlink("./41/binderfs" [pid 290] unlink("./41/binderfs" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... unlink resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 288] unlink("./40/binderfs" [pid 291] getdents64(3, [pid 290] getdents64(3, [pid 288] <... unlink resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] getdents64(3, [pid 291] close(3 [pid 290] close(3 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 288] close(3 [pid 1569] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] rmdir("./41" [pid 290] rmdir("./41" [pid 288] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 288] rmdir("./40" [pid 291] mkdir("./42", 0777 [pid 290] mkdir("./42", 0777 [pid 288] <... rmdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 288] mkdir("./41", 0777 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... mkdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... openat resumed>) = 3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] close(3 [pid 290] close(3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 288] close(3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1570 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1571 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1572 ./strace-static-x86_64: Process 1572 attached ./strace-static-x86_64: Process 1571 attached ./strace-static-x86_64: Process 1570 attached [pid 1564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1559] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... openat resumed>) = 3 [pid 1572] set_robust_list(0x555594a056a0, 24 [pid 1571] set_robust_list(0x555594a056a0, 24 [pid 1570] set_robust_list(0x555594a056a0, 24 [pid 1559] <... futex resumed>) = ? [pid 289] ioctl(3, LOOP_CLR_FD [pid 1572] <... set_robust_list resumed>) = 0 [pid 1571] <... set_robust_list resumed>) = 0 [pid 1570] <... set_robust_list resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1572] chdir("./41" [pid 1571] chdir("./42" [pid 1570] chdir("./42" [pid 289] close(3 [pid 1572] <... chdir resumed>) = 0 [pid 1571] <... chdir resumed>) = 0 [pid 1570] <... chdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 1572] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1571] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1570] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1572] <... prctl resumed>) = 0 [pid 1571] <... prctl resumed>) = 0 [pid 1570] <... prctl resumed>) = 0 [pid 1572] setpgid(0, 0 [pid 1571] setpgid(0, 0 [pid 1570] setpgid(0, 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1573 [pid 1572] <... setpgid resumed>) = 0 [pid 1571] <... setpgid resumed>) = 0 [pid 1570] <... setpgid resumed>) = 0 [pid 1572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program executing program executing program [pid 1570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1572] <... openat resumed>) = 3 [pid 1571] <... openat resumed>) = 3 [pid 1570] <... openat resumed>) = 3 [pid 1572] write(3, "1000", 4 [pid 1571] write(3, "1000", 4 [pid 1570] write(3, "1000", 4 [pid 1572] <... write resumed>) = 4 [pid 1571] <... write resumed>) = 4 [pid 1570] <... write resumed>) = 4 [pid 1572] close(3 [pid 1571] close(3 [pid 1570] close(3 [pid 1572] <... close resumed>) = 0 [pid 1571] <... close resumed>) = 0 [pid 1570] <... close resumed>) = 0 [pid 1572] symlink("/dev/binderfs", "./binderfs" [pid 1571] symlink("/dev/binderfs", "./binderfs" [pid 1570] symlink("/dev/binderfs", "./binderfs" [pid 1572] <... symlink resumed>) = 0 [pid 1571] <... symlink resumed>) = 0 [pid 1570] <... symlink resumed>) = 0 [pid 1572] write(1, "executing program\n", 18 [pid 1571] write(1, "executing program\n", 18 [pid 1570] write(1, "executing program\n", 18 [pid 1572] <... write resumed>) = 18 [pid 1571] <... write resumed>) = 18 [pid 1570] <... write resumed>) = 18 [pid 1572] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1571] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] <... futex resumed>) = 0 [pid 1571] <... futex resumed>) = 0 [pid 1570] <... futex resumed>) = 0 [pid 1572] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1571] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1570] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1572] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1571] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1570] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1572] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1571] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1570] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1572] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1571] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1570] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1572] <... mprotect resumed>) = 0 [pid 1571] <... mprotect resumed>) = 0 [pid 1570] <... mprotect resumed>) = 0 [pid 1572] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1571] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1570] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1572] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1571] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1570] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1572] <... clone3 resumed> => {parent_tid=[1574]}, 88) = 1574 [pid 1571] <... clone3 resumed> => {parent_tid=[1575]}, 88) = 1575 [pid 1570] <... clone3 resumed> => {parent_tid=[1576]}, 88) = 1576 [pid 1572] rt_sigprocmask(SIG_SETMASK, [], [pid 1571] rt_sigprocmask(SIG_SETMASK, [], [pid 1570] rt_sigprocmask(SIG_SETMASK, [], [pid 1572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1572] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1571] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] <... futex resumed>) = 0 [pid 1571] <... futex resumed>) = 0 [pid 1570] <... futex resumed>) = 0 [pid 1572] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1571] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1570] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1573 attached [pid 1573] set_robust_list(0x555594a056a0, 24) = 0 [pid 1573] chdir("./41") = 0 [pid 1573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1573] setpgid(0, 0) = 0 [pid 1573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1573] write(3, "1000", 4) = 4 [pid 1573] close(3) = 0 [pid 1573] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1576 attached ) = 0 [pid 1569] <... futex resumed>) = ? executing program [pid 1573] write(1, "executing program\n", 18) = 18 [pid 1573] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1573] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1573] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1576] set_robust_list(0x7f0aecccf9a0, 24 [pid 1573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 1575 attached [pid 1573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1575] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1575] memfd_create("syzkaller", 0) = 3 [pid 1573] <... clone3 resumed> => {parent_tid=[1577]}, 88) = 1577 [pid 1576] <... set_robust_list resumed>) = 0 [pid 1573] rt_sigprocmask(SIG_SETMASK, [], [pid 1575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1575] <... mmap resumed>) = 0x7f0ae48af000 [pid 1573] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] rt_sigprocmask(SIG_SETMASK, [], [pid 1573] <... futex resumed>) = 0 [pid 1573] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1574 attached [pid 1574] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1574] memfd_create("syzkaller", 0) = 3 [pid 1576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1576] memfd_create("syzkaller", 0 [pid 1574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1576] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 1577 attached [pid 1577] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1577] memfd_create("syzkaller", 0) = 3 [pid 1577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1575] <... write resumed>) = 524288 [pid 1576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1574] <... write resumed>) = 524288 [pid 1569] +++ killed by SIGBUS +++ [pid 1564] +++ killed by SIGBUS +++ [pid 1559] +++ killed by SIGBUS +++ [pid 1575] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1575] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1575] ioctl(4, LOOP_SET_FD, 3 [pid 1574] munmap(0x7f0ae48af000, 138412032 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1574] <... munmap resumed>) = 0 [pid 1576] <... mmap resumed>) = 0x7f0ae48af000 [pid 1574] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1577] <... write resumed>) = 524288 [pid 1577] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1577] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1575] <... ioctl resumed>) = 0 [pid 1575] close(3) = 0 [pid 1575] close(4 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1576] <... write resumed>) = 524288 [pid 1576] munmap(0x7f0ae48af000, 138412032) = 0 [ 42.560166][ T1564] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1576] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1575] <... close resumed>) = 0 [pid 1574] <... openat resumed>) = 4 [pid 1576] <... openat resumed>) = 4 [pid 1576] ioctl(4, LOOP_SET_FD, 3 [pid 1575] mkdir("./file2", 0777 [pid 1574] ioctl(4, LOOP_SET_FD, 3 [pid 1575] <... mkdir resumed>) = 0 [pid 1575] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1577] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1577] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1576] <... ioctl resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./43/file2", [pid 1576] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1576] <... close resumed>) = 0 [pid 287] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1576] close(4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./43/file2") = 0 [pid 287] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./43/binderfs") = 0 [pid 287] getdents64(3, [pid 1574] <... ioctl resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1574] close(3 [pid 287] close(3 [pid 1574] <... close resumed>) = 0 [pid 1574] close(4 [pid 287] <... close resumed>) = 0 [pid 1577] <... ioctl resumed>) = 0 [pid 287] rmdir("./43" [pid 1577] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 1577] <... close resumed>) = 0 [pid 287] mkdir("./44", 0777 [pid 1577] close(4 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1575] <... mount resumed>) = 0 [pid 1575] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1575] chdir("./file2") = 0 [pid 1575] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1574] <... close resumed>) = 0 [pid 1574] mkdir("./file2", 0777) = 0 [pid 1574] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1576] <... close resumed>) = 0 [pid 1576] mkdir("./file2", 0777) = 0 [pid 1576] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 1577] <... close resumed>) = 0 [pid 1577] mkdir("./file2", 0777) = 0 [pid 1577] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1584 ./strace-static-x86_64: Process 1584 attached [pid 1584] set_robust_list(0x555594a056a0, 24) = 0 [pid 1584] chdir("./44" [pid 1575] <... openat resumed>) = 4 [pid 1584] <... chdir resumed>) = 0 [pid 1584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1584] setpgid(0, 0 [pid 1575] ioctl(4, LOOP_CLR_FD [pid 1584] <... setpgid resumed>) = 0 [pid 1584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1584] write(3, "1000", 4) = 4 [pid 1584] close(3) = 0 [pid 1584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1584] write(1, "executing program\n", 18) = 18 [pid 1584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1584] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1585]}, 88) = 1585 [pid 1584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1585 attached [pid 1585] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1585] memfd_create("syzkaller", 0) = 3 [pid 1585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1575] <... ioctl resumed>) = 0 [pid 1575] close(4) = 0 [pid 1575] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1575] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1571] <... futex resumed>) = 0 [pid 1575] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1571] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1575] <... openat resumed>) = 4 [pid 1575] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1571] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1571] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1575] write(4, "#! \n", 4) = 4 [pid 1571] <... clone3 resumed> => {parent_tid=[1586]}, 88) = 1586 [pid 1575] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1571] rt_sigprocmask(SIG_SETMASK, [], [pid 1575] <... futex resumed>) = 0 [pid 1571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1575] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] <... write resumed>) = 524288 ./strace-static-x86_64: Process 1586 attached [pid 1585] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1586] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1586] rt_sigprocmask(SIG_SETMASK, [], [pid 1585] ioctl(4, LOOP_SET_FD, 3 [pid 1586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1586] write(4, "#! \n", 4) = 4 [pid 1586] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1586] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1575] <... futex resumed>) = 0 [pid 1571] <... futex resumed>) = 1 [pid 1575] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1571] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1575] <... mmap resumed>) = 0x200000000000 [pid 1575] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1575] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1571] <... futex resumed>) = 0 [pid 1585] <... ioctl resumed>) = 0 [pid 1585] close(3) = 0 [pid 1585] close(4 [pid 1571] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1576] <... mount resumed>) = 0 [pid 1576] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1574] <... mount resumed>) = 0 [pid 1575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1574] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1576] <... openat resumed>) = 3 [pid 1574] <... openat resumed>) = 3 [pid 1574] chdir("./file2" [pid 1576] chdir("./file2" [pid 1574] <... chdir resumed>) = 0 [pid 1576] <... chdir resumed>) = 0 [pid 1574] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1576] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1586] <... futex resumed>) = ? [pid 1571] <... futex resumed>) = ? [pid 1577] <... mount resumed>) = 0 [pid 1586] +++ killed by SIGBUS +++ [pid 1577] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1577] chdir("./file2") = 0 [pid 1577] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1575] +++ killed by SIGBUS +++ [pid 1571] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1571, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1585] <... close resumed>) = 0 [pid 1576] <... openat resumed>) = 4 [pid 1576] ioctl(4, LOOP_CLR_FD) = 0 [pid 1576] close(4) = 0 [pid 1576] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1570] <... futex resumed>) = 0 [pid 1576] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1570] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1570] <... futex resumed>) = 0 [pid 1576] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1570] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] mkdir("./file2", 0777 [pid 1576] <... openat resumed>) = 4 [pid 1576] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... mkdir resumed>) = 0 [pid 1576] <... futex resumed>) = 1 [pid 1570] <... futex resumed>) = 0 [pid 1585] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1576] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1570] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1570] <... futex resumed>) = 0 [pid 1576] write(4, "#! \n", 4 [pid 1570] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... write resumed>) = 4 [pid 1570] <... futex resumed>) = 0 [pid 1576] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1576] <... futex resumed>) = 0 [pid 1570] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1576] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1570] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1594]}, 88) = 1594 [pid 1570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1570] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1570] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1594 attached [pid 1594] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1594] write(4, "#! \n", 4) = 4 [pid 1594] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] <... futex resumed>) = 0 [pid 1570] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = 0 [pid 1570] <... futex resumed>) = 1 [pid 1576] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1570] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1576] <... mmap resumed>) = 0x200000000000 [pid 1594] <... futex resumed>) = 1 [pid 1576] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1570] <... futex resumed>) = 0 [pid 1576] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1570] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 42.853767][ T1575] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1570] <... futex resumed>) = 0 [pid 1594] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1570] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1576] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1570] <... futex resumed>) = ? [pid 1594] <... futex resumed>) = ? [pid 1594] +++ killed by SIGBUS +++ [pid 1576] +++ killed by SIGBUS +++ [pid 1570] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1570, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1577] <... openat resumed>) = 4 [pid 1574] <... openat resumed>) = 4 [pid 1577] ioctl(4, LOOP_CLR_FD [pid 1574] ioctl(4, LOOP_CLR_FD [pid 1577] <... ioctl resumed>) = 0 [pid 1574] <... ioctl resumed>) = 0 [pid 1577] close(4 [pid 1574] close(4 [pid 1577] <... close resumed>) = 0 [pid 1574] <... close resumed>) = 0 [pid 1577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = 1 [pid 1574] <... futex resumed>) = 1 [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1574] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1573] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1577] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1574] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1573] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1572] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1577] <... openat resumed>) = 4 [pid 1574] <... openat resumed>) = 4 [pid 1577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = 1 [pid 1574] <... futex resumed>) = 1 [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1574] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1573] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1577] write(4, "#! \n", 4 [pid 1574] write(4, "#! \n", 4 [pid 1573] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... write resumed>) = 4 [pid 1574] <... write resumed>) = 4 [pid 1577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1577] <... futex resumed>) = 0 [pid 1574] <... futex resumed>) = 0 [pid 1573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1574] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1573] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1572] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1573] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1572] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1573] <... mprotect resumed>) = 0 [pid 1572] <... mprotect resumed>) = 0 [pid 1573] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1572] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1573] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1572] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1573] <... clone3 resumed> => {parent_tid=[1595]}, 88) = 1595 [pid 1572] <... clone3 resumed> => {parent_tid=[1596]}, 88) = 1596 ./strace-static-x86_64: Process 1596 attached ./strace-static-x86_64: Process 1595 attached [pid 1573] rt_sigprocmask(SIG_SETMASK, [], [pid 1572] rt_sigprocmask(SIG_SETMASK, [], [pid 1573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1573] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1572] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1573] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 0 [pid 1573] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1572] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1596] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1596] write(4, "#! \n", 4) = 4 [pid 1596] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1595] set_robust_list(0x7f0aeccae9a0, 24 [pid 1572] <... futex resumed>) = 0 [pid 1596] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1572] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = 0 [pid 1572] <... futex resumed>) = 1 [pid 1574] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1572] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1595] <... set_robust_list resumed>) = 0 [pid 1574] <... mmap resumed>) = 0x200000000000 [pid 1574] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1572] <... futex resumed>) = 0 [pid 1574] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1572] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1572] <... futex resumed>) = 0 [ 42.914468][ T1576] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1595] rt_sigprocmask(SIG_SETMASK, [], [pid 1572] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1595] write(4, "#! \n", 4) = 4 [pid 1595] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1595] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1573] <... futex resumed>) = 0 [pid 1573] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1573] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1577] <... futex resumed>) = 0 [pid 1577] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1573] <... futex resumed>) = 0 [pid 1577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1573] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1573] <... futex resumed>) = 0 [pid 1573] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1574] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1596] <... futex resumed>) = ? [pid 1572] <... futex resumed>) = ? [pid 1596] +++ killed by SIGBUS +++ [pid 1574] +++ killed by SIGBUS +++ [pid 1572] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1572, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1585] <... mount resumed>) = 0 [pid 1585] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1585] chdir("./file2") = 0 [pid 1585] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1595] <... futex resumed>) = ? [pid 1573] <... futex resumed>) = ? [pid 1595] +++ killed by SIGBUS +++ [pid 1577] +++ killed by SIGBUS +++ [pid 1573] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1573, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 42.966210][ T1574] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 42.979998][ T1577] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1585] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 1585] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1585] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1585] close(4 [pid 288] newfstatat(AT_FDCWD, "./41/file2", [pid 1585] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1585] <... futex resumed>) = 1 [pid 1584] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1585] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... openat resumed>) = 4 [pid 1584] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] <... futex resumed>) = 0 [pid 1584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 288] <... openat resumed>) = 4 [pid 1585] write(4, "#! \n", 4 [pid 1584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... write resumed>) = 4 [pid 1584] <... futex resumed>) = 0 [pid 288] newfstatat(4, "", [pid 1585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... futex resumed>) = 0 [pid 1584] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1585] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 288] getdents64(4, [pid 1584] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 288] getdents64(4, [pid 1584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... umount2 resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1584] <... clone3 resumed> => {parent_tid=[1599]}, 88) = 1599 [pid 1584] rt_sigprocmask(SIG_SETMASK, [], [pid 290] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(4 [pid 1584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1584] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] rmdir("./41/file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./42/file2", [pid 288] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./41/binderfs", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./41/binderfs") = 0 [pid 290] <... openat resumed>) = 4 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 290] newfstatat(4, "", [pid 288] rmdir("./41"./strace-static-x86_64: Process 1599 attached [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 1599] set_robust_list(0x7f0aeccae9a0, 24 [pid 288] mkdir("./42", 0777 [pid 1599] <... set_robust_list resumed>) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1599] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... mkdir resumed>) = 0 [pid 290] getdents64(4, [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1599] write(4, "#! \n", 4) = 4 [pid 1599] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... futex resumed>) = 0 [pid 1584] <... futex resumed>) = 1 [pid 1585] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] <... mmap resumed>) = 0x200000000000 [pid 290] close(4 [pid 1585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 1585] <... futex resumed>) = 1 [pid 1584] <... futex resumed>) = 0 [pid 290] rmdir("./42/file2" [pid 1585] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1584] <... futex resumed>) = 0 [pid 1599] <... futex resumed>) = 1 [pid 290] <... rmdir resumed>) = 0 [pid 290] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1599] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] unlink("./42/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./42") = 0 [pid 290] mkdir("./43", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1599] <... futex resumed>) = ? [pid 1584] <... futex resumed>) = ? [pid 1599] +++ killed by SIGBUS +++ [pid 1585] +++ killed by SIGBUS +++ [pid 1584] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 291] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... ioctl resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./42/file2", [pid 288] close(3 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./42/file2") = 0 [pid 291] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./42/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./42") = 0 [pid 291] mkdir("./43", 0777) = 0 [ 43.056702][ T1585] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FDexecuting program [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1601 ./strace-static-x86_64: Process 1601 attached [pid 1601] set_robust_list(0x555594a056a0, 24) = 0 [pid 1601] chdir("./43" [pid 289] <... umount2 resumed>) = 0 [pid 1601] <... chdir resumed>) = 0 [pid 1601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1601] setpgid(0, 0) = 0 [pid 1601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1601] write(3, "1000", 4) = 4 [pid 1601] close(3) = 0 [pid 1601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1601] write(1, "executing program\n", 18) = 18 [pid 1601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1601] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1601] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1602]}, 88) = 1602 [pid 1601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1601] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1601] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1602 attached [pid 1602] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1602] memfd_create("syzkaller", 0) = 3 [pid 1602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1603 [pid 1602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... umount2 resumed>) = 0 [pid 289] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1602] <... write resumed>) = 524288 [pid 1602] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1602] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1602] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1603 attached [pid 1603] set_robust_list(0x555594a056a0, 24) = 0 [pid 1603] chdir("./43") = 0 [pid 1603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1603] setpgid(0, 0) = 0 [pid 1603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1603] write(3, "1000", 4) = 4 [pid 1603] close(3) = 0 [pid 1603] symlink("/dev/binderfs", "./binderfs"executing program [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1603] <... symlink resumed>) = 0 [pid 1603] write(1, "executing program\n", 18) = 18 [pid 1603] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 1605 attached ) = 0x7f0aeccaf000 [pid 289] newfstatat(AT_FDCWD, "./41/file2", [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1605 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1603] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1603] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1605] set_robust_list(0x555594a056a0, 24 [pid 287] newfstatat(AT_FDCWD, "./44/file2", [pid 1603] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1605] <... set_robust_list resumed>) = 0 [pid 289] umount2("./41/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1605] chdir("./42" [pid 1603] <... clone3 resumed> => {parent_tid=[1606]}, 88) = 1606 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1606 attached [pid 1606] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1606] memfd_create("syzkaller", 0) = 3 [pid 1606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 289] close(4) = 0 [pid 287] rmdir("./44/file2" [pid 289] rmdir("./41/file2" [pid 287] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 287] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1606] <... write resumed>) = 524288 [pid 1606] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1606] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1606] close(3) = 0 [pid 1606] close(4 [pid 1602] <... ioctl resumed>) = 0 [pid 1602] close(3) = 0 [pid 1602] close(4 [pid 1605] <... chdir resumed>) = 0 [pid 1605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1605] setpgid(0, 0) = 0 [pid 1605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1605] write(3, "1000", 4) = 4 [pid 1605] close(3) = 0 [pid 1605] symlink("/dev/binderfs", "./binderfs" [pid 289] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 1605] <... symlink resumed>) = 0 [pid 1605] write(1, "executing program\n", 18) = 18 [pid 1605] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./41/binderfs", [pid 287] newfstatat(AT_FDCWD, "./44/binderfs", [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./41/binderfs" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1605] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1605] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 289] <... unlink resumed>) = 0 [pid 287] unlink("./44/binderfs" [pid 289] getdents64(3, [pid 1605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... unlink resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, [pid 289] close(3 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... close resumed>) = 0 [pid 287] close(3 [pid 289] rmdir("./41" [pid 287] <... close resumed>) = 0 [pid 1605] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1605] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 287] rmdir("./44" [pid 1605] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] mkdir("./42", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 1605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] mkdir("./45", 0777 [pid 289] <... mkdir resumed>) = 0 [pid 1605] <... clone3 resumed> => {parent_tid=[1608]}, 88) = 1608 [pid 1605] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1608 attached [pid 1608] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1608] memfd_create("syzkaller", 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1608] <... memfd_create resumed>) = 3 [pid 1608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1608] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1608] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1606] <... close resumed>) = 0 [pid 1606] mkdir("./file2", 0777) = 0 [pid 1606] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1602] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 287] close(3 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1602] mkdir("./file2", 0777 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1609 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1610 [pid 1602] <... mkdir resumed>) = 0 [pid 1602] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1608] <... openat resumed>) = 4 [pid 1608] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1610 attached [pid 1610] set_robust_list(0x555594a056a0, 24) = 0 [pid 1610] chdir("./45") = 0 [pid 1610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 1609 attached [pid 1608] <... ioctl resumed>) = 0 [pid 1608] close(3) = 0 [pid 1608] close(4 [pid 1610] setpgid(0, 0) = 0 [pid 1610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1610] write(3, "1000", 4) = 4 [pid 1610] close(3) = 0 [pid 1610] symlink("/dev/binderfs", "./binderfs" [pid 1609] set_robust_list(0x555594a056a0, 24 [pid 1610] <... symlink resumed>) = 0 [pid 1609] <... set_robust_list resumed>) = 0 executing program [pid 1610] write(1, "executing program\n", 18) = 18 [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1610] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1610] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1610] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1610] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1610] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1609] chdir("./42" [pid 1610] <... clone3 resumed> => {parent_tid=[1612]}, 88) = 1612 [pid 1610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1612 attached [pid 1612] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1612] memfd_create("syzkaller", 0) = 3 [pid 1612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1609] <... chdir resumed>) = 0 [pid 1609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1609] setpgid(0, 0) = 0 [pid 1609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1609] write(3, "1000", 4) = 4 [pid 1609] close(3) = 0 [pid 1609] symlink("/dev/binderfs", "./binderfs" [pid 1612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1609] <... symlink resumed>) = 0 executing program [pid 1609] write(1, "executing program\n", 18) = 18 [pid 1609] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1609] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1609] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1612] <... write resumed>) = 524288 [pid 1612] munmap(0x7f0ae48af000, 138412032 [pid 1609] <... clone3 resumed> => {parent_tid=[1615]}, 88) = 1615 [pid 1612] <... munmap resumed>) = 0 [pid 1612] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 1615 attached [pid 1615] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1615] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1609] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1615] <... futex resumed>) = 0 [pid 1615] memfd_create("syzkaller", 0) = 3 [pid 1615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1606] <... mount resumed>) = 0 [pid 1602] <... mount resumed>) = 0 [pid 1609] <... futex resumed>) = 1 [pid 1609] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1606] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1606] chdir("./file2") = 0 [pid 1606] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1602] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1602] chdir("./file2") = 0 [pid 1602] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1615] <... write resumed>) = 524288 [pid 1615] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1615] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1612] <... openat resumed>) = 4 [pid 1608] <... close resumed>) = 0 [pid 1606] <... openat resumed>) = 4 [pid 1602] <... openat resumed>) = 4 [pid 1612] ioctl(4, LOOP_SET_FD, 3 [pid 1606] ioctl(4, LOOP_CLR_FD [pid 1602] ioctl(4, LOOP_CLR_FD [pid 1608] mkdir("./file2", 0777 [pid 1612] <... ioctl resumed>) = 0 [pid 1608] <... mkdir resumed>) = 0 [pid 1608] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1615] <... openat resumed>) = 4 [pid 1615] ioctl(4, LOOP_SET_FD, 3 [pid 1612] close(3) = 0 [pid 1612] close(4 [pid 1615] <... ioctl resumed>) = 0 [pid 1615] close(3 [pid 1606] <... ioctl resumed>) = 0 [pid 1602] <... ioctl resumed>) = 0 [pid 1606] close(4 [pid 1615] <... close resumed>) = 0 [pid 1615] close(4 [pid 1602] close(4 [pid 1608] <... mount resumed>) = 0 [pid 1608] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1608] chdir("./file2") = 0 [pid 1608] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1612] <... close resumed>) = 0 [pid 1606] <... close resumed>) = 0 [pid 1606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1612] mkdir("./file2", 0777 [pid 1603] <... futex resumed>) = 0 [pid 1612] <... mkdir resumed>) = 0 [pid 1603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1603] <... futex resumed>) = 1 [pid 1606] <... futex resumed>) = 0 [pid 1606] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1606] <... openat resumed>) = 4 [pid 1606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] <... futex resumed>) = 0 [pid 1606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1603] <... futex resumed>) = 0 [pid 1606] write(4, "#! \n", 4 [pid 1603] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1606] <... write resumed>) = 4 [pid 1603] <... futex resumed>) = 0 [pid 1606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1606] <... futex resumed>) = 0 [pid 1603] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1622]}, 88) = 1622 [pid 1603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1603] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1622 attached [pid 1622] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1622] write(4, "#! \n", 4) = 4 [pid 1622] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1603] <... futex resumed>) = 0 [pid 1603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1606] <... futex resumed>) = 0 [pid 1603] <... futex resumed>) = 1 [pid 1606] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1606] <... mmap resumed>) = 0x200000000000 [pid 1606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] <... futex resumed>) = 0 [pid 1622] <... futex resumed>) = 1 [pid 1603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1606] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1603] <... futex resumed>) = ? [pid 1622] +++ killed by SIGBUS +++ [pid 1606] +++ killed by SIGBUS +++ [pid 1603] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1615] <... close resumed>) = 0 [pid 1602] <... close resumed>) = 0 [pid 1615] mkdir("./file2", 0777 [pid 1602] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1615] <... mkdir resumed>) = 0 [pid 1602] <... futex resumed>) = 1 [pid 1615] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1602] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1601] <... futex resumed>) = 0 [pid 1601] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1602] <... futex resumed>) = 0 [pid 1601] <... futex resumed>) = 1 [pid 1602] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1601] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... openat resumed>) = 4 [pid 1602] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1601] <... futex resumed>) = 0 [pid 1602] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1601] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1601] <... futex resumed>) = 0 [pid 1602] write(4, "#! \n", 4 [pid 1601] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1602] <... write resumed>) = 4 [pid 1601] <... futex resumed>) = 0 [pid 1602] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1602] <... futex resumed>) = 0 [pid 1601] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1602] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1601] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1623]}, 88) = 1623 [pid 1601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1601] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1601] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1623 attached [pid 1623] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1623] write(4, "#! \n", 4) = 4 [pid 1623] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... futex resumed>) = 0 [pid 1601] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1602] <... futex resumed>) = 0 [pid 1601] <... futex resumed>) = 1 [pid 1602] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1601] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... mmap resumed>) = 0x200000000000 [pid 1623] <... futex resumed>) = 1 [pid 1602] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1601] <... futex resumed>) = 0 [pid 1623] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 43.462540][ T1606] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1601] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1601] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1623] <... futex resumed>) = ? [pid 1601] <... futex resumed>) = ? [pid 1623] +++ killed by SIGBUS +++ [pid 1602] +++ killed by SIGBUS +++ [pid 1601] +++ killed by SIGBUS +++ [pid 1615] <... mount resumed>) = 0 [pid 1615] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1615] chdir("./file2") = 0 [pid 1615] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1601, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 43.502751][ T1602] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1615] <... openat resumed>) = 4 [pid 1608] <... openat resumed>) = 4 [pid 1615] ioctl(4, LOOP_CLR_FD [pid 1608] ioctl(4, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./43/file2") = 0 [pid 290] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./43/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./43") = 0 [pid 290] mkdir("./44", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1612] <... mount resumed>) = 0 [pid 1612] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1612] chdir("./file2") = 0 [pid 1612] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1615] <... ioctl resumed>) = 0 [pid 1608] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 1612] <... openat resumed>) = 4 [pid 1612] ioctl(4, LOOP_CLR_FD) = 0 [pid 1612] close(4) = 0 [pid 1612] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1612] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1628 ./strace-static-x86_64: Process 1628 attached [pid 1615] close(4 [pid 1610] <... futex resumed>) = 0 [pid 1608] close(4 [pid 291] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1615] <... close resumed>) = 0 [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1615] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1610] <... futex resumed>) = 1 [pid 1608] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./43/file2", [pid 1615] <... futex resumed>) = 1 [pid 1612] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = 1 [pid 1605] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1615] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1612] <... openat resumed>) = 4 [pid 1609] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1612] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1605] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1615] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1612] <... futex resumed>) = 1 [pid 1610] <... futex resumed>) = 0 [pid 1609] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1615] <... openat resumed>) = 4 [pid 1612] write(4, "#! \n", 4 [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 1615] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... write resumed>) = 4 [pid 1610] <... futex resumed>) = 0 [pid 1608] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 1615] <... futex resumed>) = 1 [pid 1612] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = 1 [pid 1605] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1615] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1612] <... futex resumed>) = 0 [pid 1610] <... futex resumed>) = 0 [pid 1609] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 1615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1612] write(4, "#! \n", 4 [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1605] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1615] write(4, "#! \n", 4 [pid 1612] <... write resumed>) = 4 [pid 1609] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] write(4, "#! \n", 4 [pid 1605] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 1615] <... write resumed>) = 4 [pid 1612] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1609] <... futex resumed>) = 0 [pid 1608] <... write resumed>) = 4 [pid 1605] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1615] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 1 [pid 1610] <... futex resumed>) = 0 [pid 1609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1608] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] close(4 [pid 1615] <... futex resumed>) = 0 [pid 1612] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1609] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1608] <... futex resumed>) = 0 [pid 1605] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... close resumed>) = 0 [pid 1615] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1610] <... futex resumed>) = 0 [pid 1609] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1608] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1605] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] rmdir("./43/file2" [pid 1612] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1609] <... mprotect resumed>) = 0 [pid 1605] <... mprotect resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 1628] set_robust_list(0x555594a056a0, 24 [pid 1612] <... mmap resumed>) = 0x200000000000 [pid 1609] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1605] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1628] <... set_robust_list resumed>) = 0 [pid 1612] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1609] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1605] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1628] chdir("./44" [pid 1612] <... futex resumed>) = 1 [pid 1610] <... futex resumed>) = 0 [pid 1609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] newfstatat(AT_FDCWD, "./43/binderfs", [pid 1628] <... chdir resumed>) = 0 [pid 1612] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1628] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1610] <... futex resumed>) = 0 [pid 1609] <... clone3 resumed> => {parent_tid=[1629]}, 88) = 1629 [pid 1605] <... clone3 resumed> => {parent_tid=[1630]}, 88) = 1630 [pid 291] unlink("./43/binderfs"./strace-static-x86_64: Process 1630 attached ./strace-static-x86_64: Process 1629 attached [pid 1630] set_robust_list(0x7f0aeccae9a0, 24 [pid 1629] set_robust_list(0x7f0aeccae9a0, 24 [pid 1630] <... set_robust_list resumed>) = 0 [pid 1629] <... set_robust_list resumed>) = 0 [pid 1630] rt_sigprocmask(SIG_SETMASK, [], [pid 1629] rt_sigprocmask(SIG_SETMASK, [], [pid 1630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1630] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1629] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] <... prctl resumed>) = 0 [pid 1628] setpgid(0, 0) = 0 [pid 1628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1609] rt_sigprocmask(SIG_SETMASK, [], [pid 1605] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... unlink resumed>) = 0 [pid 1609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1609] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1605] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... futex resumed>) = 0 [pid 1609] <... futex resumed>) = 1 [pid 1605] <... futex resumed>) = 1 [pid 291] getdents64(3, [pid 1630] <... futex resumed>) = 0 [pid 1629] write(4, "#! \n", 4 [pid 1609] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1605] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1630] write(4, "#! \n", 4 [pid 1629] <... write resumed>) = 4 [pid 291] close(3 [pid 1630] <... write resumed>) = 4 [pid 1629] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1630] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 1630] <... futex resumed>) = 1 [pid 1629] <... futex resumed>) = 1 [pid 1609] <... futex resumed>) = 0 [pid 1605] <... futex resumed>) = 0 [pid 291] rmdir("./43" [pid 1630] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1629] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1609] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1628] <... openat resumed>) = 3 [pid 1615] <... futex resumed>) = 0 [pid 1609] <... futex resumed>) = 1 [pid 1608] <... futex resumed>) = 0 [pid 1605] <... futex resumed>) = 1 [pid 291] <... rmdir resumed>) = 0 [pid 1628] write(3, "1000", 4 [pid 1615] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1609] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] mkdir("./44", 0777 [pid 1615] <... mmap resumed>) = 0x200000000000 [pid 1608] <... mmap resumed>) = 0x200000000000 [pid 1628] <... write resumed>) = 4 [pid 291] <... mkdir resumed>) = 0 [pid 1628] close(3 [pid 1615] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1628] <... close resumed>) = 0 [pid 1615] <... futex resumed>) = 1 [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = 1 [pid 1605] <... futex resumed>) = 0 [pid 1628] symlink("/dev/binderfs", "./binderfs" [pid 1615] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1609] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 3 [pid 1628] <... symlink resumed>) = 0 executing program [pid 1615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1609] <... futex resumed>) = 0 [pid 1608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1605] <... futex resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 1628] write(1, "executing program\n", 18) = 18 [pid 1628] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1628] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1628] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1631]}, 88) = 1631 [pid 1628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1612] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1610] <... futex resumed>) = ? [pid 1609] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 43.645976][ T1612] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 43.668450][ T1615] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 1612] +++ killed by SIGBUS +++ [pid 1610] +++ killed by SIGBUS +++ [pid 291] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1610, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1632 [pid 1615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- ./strace-static-x86_64: Process 1631 attached [pid 1629] <... futex resumed>) = ? [pid 1609] <... futex resumed>) = ? [pid 1629] +++ killed by SIGBUS +++ [pid 1631] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1631] rt_sigprocmask(SIG_SETMASK, [], [pid 1615] +++ killed by SIGBUS +++ [pid 1609] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1609, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1631] memfd_create("syzkaller", 0) = 3 [pid 1631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, [pid 287] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1632 attached [pid 1632] set_robust_list(0x555594a056a0, 24) = 0 [pid 1632] chdir("./44") = 0 [pid 1632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1632] setpgid(0, 0 [pid 289] <... umount2 resumed>) = 0 [pid 1632] <... setpgid resumed>) = 0 [pid 289] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] newfstatat(AT_FDCWD, "./42/file2", [pid 1632] <... openat resumed>) = 3 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1632] write(3, "1000", 4 [pid 289] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1632] <... write resumed>) = 4 [pid 1631] <... write resumed>) = 524288 [pid 1608] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1632] close(3 [pid 289] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1632] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 1632] symlink("/dev/binderfs", "./binderfs" [pid 289] newfstatat(4, "", [pid 1632] <... symlink resumed>) = 0 [pid 1631] munmap(0x7f0ae48af000, 138412032 [pid 1630] <... futex resumed>) = ? [pid 1605] <... futex resumed>) = ? [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, executing program [pid 1632] write(1, "executing program\n", 18) = 18 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(4) = 0 [pid 289] rmdir("./42/file2" [pid 1632] <... futex resumed>) = 0 [pid 1631] <... munmap resumed>) = 0 [pid 1630] +++ killed by SIGBUS +++ [pid 1632] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 1632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 289] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1632] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1632] <... mprotect resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1632] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] unlink("./42/binderfs" [pid 1632] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] <... unlink resumed>) = 0 [pid 1632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1632] <... clone3 resumed> => {parent_tid=[1633]}, 88) = 1633 [pid 289] close(3 [pid 1632] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... close resumed>) = 0 [pid 1632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] rmdir("./42"./strace-static-x86_64: Process 1633 attached [pid 1632] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1608] +++ killed by SIGBUS +++ [pid 1605] +++ killed by SIGBUS +++ [pid 1633] set_robust_list(0x7f0aecccf9a0, 24 [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./43", 0777 [pid 1633] <... set_robust_list resumed>) = 0 [pid 1632] <... futex resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1605, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1633] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1632] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1633] memfd_create("syzkaller", 0) = 3 [pid 1633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1633] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1633] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 43.683473][ T1608] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./45/file2") = 0 [pid 287] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./45/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./45") = 0 [pid 287] mkdir("./46", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1633] <... openat resumed>) = 4 [pid 1631] <... openat resumed>) = 4 [pid 1633] ioctl(4, LOOP_SET_FD, 3 [pid 1631] ioctl(4, LOOP_SET_FD, 3 [pid 1633] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 1633] close(3 [pid 288] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1633] <... close resumed>) = 0 [pid 1631] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1633] close(4 [pid 288] newfstatat(AT_FDCWD, "./42/file2", [pid 287] <... openat resumed>) = 3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./42/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./42/file2") = 0 [pid 288] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./42/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./42") = 0 [pid 288] mkdir("./43", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1636 [pid 289] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1633] <... close resumed>) = 0 [pid 1631] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1633] mkdir("./file2", 0777) = 0 [pid 1633] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 1631] <... close resumed>) = 0 [pid 1631] close(4 [pid 289] close(3 [pid 287] <... close resumed>) = 0 [pid 1631] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1636 attached [pid 1636] set_robust_list(0x555594a056a0, 24) = 0 [pid 1636] chdir("./43") = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1631] mkdir("./file2", 0777 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1637 [pid 1636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1636] setpgid(0, 0) = 0 [pid 1636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1636] write(3, "1000", 4) = 4 [pid 1636] close(3) = 0 [pid 1636] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1636] write(1, "executing program\n", 18) = 18 [pid 1636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1636] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1636] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1631] <... mkdir resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1638 [pid 1631] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1636] <... clone3 resumed> => {parent_tid=[1639]}, 88) = 1639 [pid 1636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1636] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1636] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1637 attached [pid 1637] set_robust_list(0x555594a056a0, 24) = 0 executing program [pid 1637] chdir("./46") = 0 [pid 1637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1637] setpgid(0, 0) = 0 [pid 1637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1637] write(3, "1000", 4) = 4 [pid 1637] close(3) = 0 [pid 1637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1637] write(1, "executing program\n", 18) = 18 [pid 1637] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1637] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1642]}, 88) = 1642 [pid 1637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1637] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1633] <... mount resumed>) = 0 [pid 1633] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1633] chdir("./file2") = 0 [pid 1633] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1633] ioctl(4, LOOP_CLR_FD) = 0 [pid 1633] close(4) = 0 [pid 1633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1633] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1632] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] <... openat resumed>) = 4 [pid 1633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1633] write(4, "#! \n", 4 [pid 1632] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] <... write resumed>) = 4 [pid 1632] <... futex resumed>) = 0 [pid 1633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] <... futex resumed>) = 0 [pid 1632] <... futex resumed>) = 0 [pid 1633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1632] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1638 attached ) = 0 [pid 1638] set_robust_list(0x555594a056a0, 24) = 0 [pid 1632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1638] chdir("./43") = 0 [pid 1638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1638] setpgid(0, 0 [pid 1632] <... clone3 resumed> => {parent_tid=[1644]}, 88) = 1644 [pid 1632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1632] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1638] <... setpgid resumed>) = 0 [pid 1632] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1638] write(3, "1000", 4) = 4 [pid 1638] close(3) = 0 [pid 1638] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1638] write(1, "executing program\n", 18) = 18 [pid 1638] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1638] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1638] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1645]}, 88) = 1645 [pid 1638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1638] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1638] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1645 attached [pid 1645] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1645] memfd_create("syzkaller", 0) = 3 [pid 1645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1644 attached [pid 1644] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1644] write(4, "#! \n", 4) = 4 [pid 1644] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1644] <... futex resumed>) = 1 [pid 1632] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1632] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1632] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1632] <... futex resumed>) = 0 [pid 1645] <... write resumed>) = 524288 [pid 1645] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1645] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1645] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1639 attached [pid 1639] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1639] memfd_create("syzkaller", 0) = 3 [pid 1639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1639] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1639] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1642 attached [pid 1642] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1642] memfd_create("syzkaller", 0) = 3 [pid 1642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1642] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1642] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1644] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1632] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1645] <... ioctl resumed>) = 0 [pid 1639] <... openat resumed>) = 4 [pid 1642] <... openat resumed>) = 4 [pid 1639] ioctl(4, LOOP_SET_FD, 3 [pid 1642] ioctl(4, LOOP_SET_FD, 3 [pid 1645] close(3) = 0 [pid 1645] close(4 [pid 1633] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1644] <... futex resumed>) = ? [pid 1632] <... futex resumed>) = ? [pid 1644] +++ killed by SIGBUS +++ [pid 1631] <... mount resumed>) = 0 [pid 1639] <... ioctl resumed>) = 0 [pid 1631] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1631] chdir("./file2") = 0 [pid 1639] close(3 [pid 1631] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1639] <... close resumed>) = 0 [pid 1642] <... ioctl resumed>) = 0 [pid 1639] close(4 [pid 1645] <... close resumed>) = 0 [pid 1633] +++ killed by SIGBUS +++ [pid 1632] +++ killed by SIGBUS +++ [pid 1642] close(3) = 0 [pid 1642] close(4) = 0 [pid 1642] mkdir("./file2", 0777) = 0 [pid 1642] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1645] mkdir("./file2", 0777) = 0 [pid 1645] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1639] <... close resumed>) = 0 [pid 1631] <... openat resumed>) = 4 [pid 1639] mkdir("./file2", 0777 [pid 1631] ioctl(4, LOOP_CLR_FD [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1632, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1639] <... mkdir resumed>) = 0 [pid 1639] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1642] <... mount resumed>) = 0 [pid 1642] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1642] chdir("./file2") = 0 [pid 1642] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1645] <... mount resumed>) = 0 [pid 1645] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1645] chdir("./file2") = 0 [pid 1645] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1642] <... openat resumed>) = 4 [pid 1631] <... ioctl resumed>) = 0 [pid 1642] ioctl(4, LOOP_CLR_FD [pid 1631] close(4 [pid 1639] <... mount resumed>) = 0 [pid 1639] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1639] chdir("./file2") = 0 [ 43.854918][ T1633] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1639] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1645] <... openat resumed>) = 4 [pid 1642] <... ioctl resumed>) = 0 [pid 1639] <... openat resumed>) = 4 [pid 1631] <... close resumed>) = 0 [pid 1645] ioctl(4, LOOP_CLR_FD [pid 1642] close(4 [pid 1639] ioctl(4, LOOP_CLR_FD [pid 1631] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = 0 [pid 1642] <... close resumed>) = 0 [pid 1631] <... futex resumed>) = 1 [pid 1628] <... futex resumed>) = 0 [pid 1642] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] <... futex resumed>) = 1 [pid 1631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1628] <... futex resumed>) = 0 [pid 1642] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1631] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1631] <... openat resumed>) = 4 [pid 1631] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1628] <... futex resumed>) = 0 [pid 1631] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1628] <... futex resumed>) = 0 [pid 1631] write(4, "#! \n", 4 [pid 1628] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] <... write resumed>) = 4 [pid 1628] <... futex resumed>) = 0 [pid 1631] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1631] <... futex resumed>) = 0 [pid 1628] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1631] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1656]}, 88) = 1656 [pid 1645] <... ioctl resumed>) = 0 [pid 1637] <... futex resumed>) = 0 [pid 1628] rt_sigprocmask(SIG_SETMASK, [], [pid 1645] close(4 [pid 1637] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1645] <... close resumed>) = 0 [pid 1642] <... futex resumed>) = 0 [pid 1637] <... futex resumed>) = 1 [pid 1628] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1645] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1637] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1628] <... futex resumed>) = 0 [pid 291] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1628] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1639] <... ioctl resumed>) = 0 [pid 1639] close(4) = 0 [pid 1639] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1636] <... futex resumed>) = 0 [pid 1645] <... futex resumed>) = 1 [pid 1639] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1638] <... futex resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1639] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1638] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1636] <... futex resumed>) = 0 [pid 1645] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1639] <... openat resumed>) = 4 [pid 1638] <... futex resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1645] <... openat resumed>) = 4 [pid 1639] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1645] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1639] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1636] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./44/file2", [pid 1645] <... futex resumed>) = 0 [pid 1639] write(4, "#! \n", 4 [pid 1638] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1636] <... futex resumed>) = 0 [pid 1645] write(4, "#! \n", 4 [pid 1639] <... write resumed>) = 4 [pid 1638] <... futex resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1645] <... write resumed>) = 4 [pid 1639] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1636] <... futex resumed>) = 0 [pid 291] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1645] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1639] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = 0 [pid 1636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1645] <... futex resumed>) = 0 [pid 1639] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1645] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1642] <... openat resumed>) = 4 [pid 1638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1636] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1642] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1636] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1642] <... futex resumed>) = 1 [pid 1638] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1637] <... futex resumed>) = 0 [pid 1636] <... mprotect resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 1642] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1638] <... mprotect resumed>) = 0 [pid 1637] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1636] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1638] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] newfstatat(4, "", [pid 1637] <... futex resumed>) = 0 [pid 1642] write(4, "#! \n", 4 [pid 1638] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1637] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1636] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1642] <... write resumed>) = 4 [pid 1638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1637] <... futex resumed>) = 0 [pid 1636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] getdents64(4, [pid 1642] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1656 attached [pid 1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1642] <... futex resumed>) = 0 [pid 1638] <... clone3 resumed> => {parent_tid=[1657]}, 88) = 1657 [pid 1637] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1642] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1638] rt_sigprocmask(SIG_SETMASK, [], [pid 1637] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1636] <... clone3 resumed> => {parent_tid=[1658]}, 88) = 1658 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1637] <... mprotect resumed>) = 0 [pid 1636] rt_sigprocmask(SIG_SETMASK, [], [pid 291] getdents64(4, [pid 1638] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1638] <... futex resumed>) = 0 [pid 1637] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1636] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(4 [pid 1638] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1636] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rmdir("./44/file2" [pid 1637] <... clone3 resumed> => {parent_tid=[1659]}, 88) = 1659 [pid 1656] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1637] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... rmdir resumed>) = 0 [pid 1637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1637] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1637] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1656] rt_sigprocmask(SIG_SETMASK, [], [pid 291] unlink("./44/binderfs" [pid 1656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... unlink resumed>) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./44" [pid 1656] write(4, "#! \n", 4./strace-static-x86_64: Process 1658 attached ./strace-static-x86_64: Process 1659 attached ./strace-static-x86_64: Process 1657 attached [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./45", 0777 [pid 1658] set_robust_list(0x7f0aeccae9a0, 24 [pid 1656] <... write resumed>) = 4 [pid 291] <... mkdir resumed>) = 0 [pid 1658] <... set_robust_list resumed>) = 0 [pid 1659] set_robust_list(0x7f0aeccae9a0, 24 [pid 1657] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1658] rt_sigprocmask(SIG_SETMASK, [], [pid 1659] <... set_robust_list resumed>) = 0 [pid 1657] <... set_robust_list resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 1658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1659] rt_sigprocmask(SIG_SETMASK, [], [pid 1658] write(4, "#! \n", 4 [pid 1657] rt_sigprocmask(SIG_SETMASK, [], [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 1659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1658] <... write resumed>) = 4 [pid 1657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] close(3) = 0 [pid 1658] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1659] write(4, "#! \n", 4 [pid 1657] write(4, "#! \n", 4 [pid 1656] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1658] <... futex resumed>) = 1 [pid 1636] <... futex resumed>) = 0 [pid 1659] <... write resumed>) = 4 [pid 1658] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1657] <... write resumed>) = 4 [pid 1656] <... futex resumed>) = 1 [pid 1636] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1628] <... futex resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1660 [pid 1656] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] <... futex resumed>) = 0 [pid 1628] <... futex resumed>) = 1 [pid 1631] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1631] <... mmap resumed>) = 0x200000000000 [pid 1631] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1628] <... futex resumed>) = 0 [pid 1631] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1628] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1660 attached [pid 1659] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1657] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1639] <... futex resumed>) = 0 [pid 1636] <... futex resumed>) = 1 [pid 1628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1660] set_robust_list(0x555594a056a0, 24 [pid 1659] <... futex resumed>) = 1 [pid 1657] <... futex resumed>) = 1 [pid 1639] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1638] <... futex resumed>) = 0 [pid 1637] <... futex resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1660] <... set_robust_list resumed>) = 0 [pid 1659] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1657] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1639] <... mmap resumed>) = 0x200000000000 [pid 1638] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1645] <... futex resumed>) = 0 [pid 1642] <... futex resumed>) = 0 [pid 1639] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] <... futex resumed>) = 1 [pid 1637] <... futex resumed>) = 1 [pid 1660] chdir("./45" [pid 1645] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1642] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1639] <... futex resumed>) = 1 [pid 1638] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1637] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1636] <... futex resumed>) = 0 [pid 1645] <... mmap resumed>) = 0x200000000000 [pid 1642] <... mmap resumed>) = 0x200000000000 [pid 1636] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1656] <... futex resumed>) = ? [pid 1628] <... futex resumed>) = ? [pid 1656] +++ killed by SIGBUS +++ [pid 1631] +++ killed by SIGBUS +++ [pid 1628] +++ killed by SIGBUS +++ [pid 1660] <... chdir resumed>) = 0 [pid 1660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1660] setpgid(0, 0) = 0 [pid 1660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1660] write(3, "1000", 4) = 4 [pid 1660] close(3executing program ) = 0 [pid 1660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1660] write(1, "executing program\n", 18) = 18 [pid 1660] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1660] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1660] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1661]}, 88) = 1661 [pid 1660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1660] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1660] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1661 attached [pid 1661] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1661] memfd_create("syzkaller", 0) = 3 [pid 1661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1661] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1661] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1661] close(3) = 0 [pid 1661] close(4 [pid 1645] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1645] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1642] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1642] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1636] <... futex resumed>) = 0 [pid 1636] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1628, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 1638] <... futex resumed>) = 0 [pid 1637] <... futex resumed>) = 0 [pid 290] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1638] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1645] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = 1 [pid 1637] <... futex resumed>) = 1 [pid 1642] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1639] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1638] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1637] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1658] <... futex resumed>) = ? [pid 1636] <... futex resumed>) = ? [ 43.975790][ T1631] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 43.992609][ T1639] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.008223][ T1645] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1658] +++ killed by SIGBUS +++ [pid 1639] +++ killed by SIGBUS +++ [pid 1636] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1636, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1657] <... futex resumed>) = ? [pid 1638] <... futex resumed>) = ? [pid 1657] +++ killed by SIGBUS +++ [pid 1645] +++ killed by SIGBUS +++ [pid 1638] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1638, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 289] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", [pid 288] newfstatat(3, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, [pid 288] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1642] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1659] <... futex resumed>) = ? [pid 1637] <... futex resumed>) = ? [pid 1659] +++ killed by SIGBUS +++ [pid 1642] +++ killed by SIGBUS +++ [pid 1637] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1637, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1661] <... close resumed>) = 0 [pid 1661] mkdir("./file2", 0777) = 0 [ 44.008537][ T1642] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1661] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./43/file2"executing program ) = 0 [pid 289] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./43/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./43") = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] mkdir("./44", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1664 ./strace-static-x86_64: Process 1664 attached [pid 1664] set_robust_list(0x555594a056a0, 24) = 0 [pid 1664] chdir("./44") = 0 [pid 1664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1664] setpgid(0, 0) = 0 [pid 1664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1664] write(3, "1000", 4) = 4 [pid 1664] close(3 [pid 287] <... umount2 resumed>) = 0 [pid 1664] <... close resumed>) = 0 [pid 1664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1664] write(1, "executing program\n", 18) = 18 [pid 1664] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1664] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1664] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1665]}, 88) = 1665 [pid 1664] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1665 attached NULL, 8) = 0 [pid 290] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1661] <... mount resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(4, "", [pid 288] newfstatat(AT_FDCWD, "./43/file2", [pid 287] newfstatat(AT_FDCWD, "./46/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] getdents64(4, [pid 288] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] getdents64(4, [pid 288] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 1661] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 290] close(4 [pid 288] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 290] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] rmdir("./44/file2" [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 290] <... rmdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] newfstatat(AT_FDCWD, "./44/binderfs", [pid 288] close(4 [pid 287] close(4 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1665] set_robust_list(0x7f0aecccf9a0, 24 [pid 1664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1661] <... openat resumed>) = 3 [pid 290] unlink("./44/binderfs" [pid 288] rmdir("./43/file2" [pid 287] rmdir("./46/file2" [pid 1661] chdir("./file2") = 0 [pid 290] <... unlink resumed>) = 0 [pid 1661] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1661] ioctl(4, LOOP_CLR_FD [pid 287] <... rmdir resumed>) = 0 [pid 1661] <... ioctl resumed>) = 0 [pid 1661] close(4 [pid 1665] <... set_robust_list resumed>) = 0 [pid 1664] <... futex resumed>) = 0 [pid 1661] <... close resumed>) = 0 [pid 290] getdents64(3, [pid 288] <... rmdir resumed>) = 0 [pid 287] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] close(3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./46/binderfs", [pid 290] <... close resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./43/binderfs", [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] rmdir("./44" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./46/binderfs" [pid 290] <... rmdir resumed>) = 0 [pid 288] unlink("./43/binderfs" [pid 287] <... unlink resumed>) = 0 [pid 290] mkdir("./45", 0777 [pid 288] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 1665] rt_sigprocmask(SIG_SETMASK, [], [pid 1664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1661] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... mkdir resumed>) = 0 [pid 288] getdents64(3, [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1661] <... futex resumed>) = 1 [pid 1660] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3 [pid 1665] memfd_create("syzkaller", 0 [pid 1661] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 3 [pid 288] close(3 [pid 287] <... close resumed>) = 0 [pid 1665] <... memfd_create resumed>) = 3 [pid 1661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1660] <... futex resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... close resumed>) = 0 [pid 287] rmdir("./46" [pid 1665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1661] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1660] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] rmdir("./43" [pid 287] <... rmdir resumed>) = 0 [pid 1665] <... mmap resumed>) = 0x7f0ae48af000 [pid 290] close(3 [pid 288] <... rmdir resumed>) = 0 [pid 287] mkdir("./47", 0777 [pid 1665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1661] <... openat resumed>) = 4 [pid 290] <... close resumed>) = 0 [pid 288] mkdir("./44", 0777 [pid 287] <... mkdir resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1661] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 1661] <... futex resumed>) = 1 [pid 1660] <... futex resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1668 [pid 288] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1661] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1660] <... futex resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 1661] write(4, "#! \n", 4 [pid 1660] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(3 [pid 287] <... close resumed>) = 0 [pid 1661] <... write resumed>) = 4 [pid 1660] <... futex resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1661] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1665] <... write resumed>) = 524288 [pid 1661] <... futex resumed>) = 0 [pid 1660] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1669 [pid 1661] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1670 [pid 1660] <... mprotect resumed>) = 0 [pid 1665] munmap(0x7f0ae48af000, 138412032 [pid 1660] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1665] <... munmap resumed>) = 0 [pid 1660] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1665] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1665] <... openat resumed>) = 4 [pid 1665] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1671 attached [pid 1671] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1660] <... clone3 resumed> => {parent_tid=[1671]}, 88) = 1671 [pid 1671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1660] rt_sigprocmask(SIG_SETMASK, [], [pid 1671] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1668 attached [pid 1660] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1671] <... futex resumed>) = 0 [pid 1660] <... futex resumed>) = 1 [pid 1668] set_robust_list(0x555594a056a0, 24 [pid 1660] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1671] write(4, "#! \n", 4 [pid 1668] <... set_robust_list resumed>) = 0 [pid 1668] chdir("./45" [pid 1671] <... write resumed>) = 4 [pid 1668] <... chdir resumed>) = 0 [pid 1668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1668] setpgid(0, 0) = 0 [pid 1668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1668] write(3, "1000", 4) = 4 [pid 1668] close(3) = 0 [pid 1668] symlink("/dev/binderfs", "./binderfs" [pid 1671] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... symlink resumed>) = 0 executing program [pid 1668] write(1, "executing program\n", 18) = 18 [pid 1668] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1668] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1668] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1660] <... futex resumed>) = 0 [pid 1671] <... futex resumed>) = 1 [pid 1660] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1661] <... futex resumed>) = 0 [pid 1671] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1661] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1660] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1668] <... clone3 resumed> => {parent_tid=[1673]}, 88) = 1673 [pid 1661] <... mmap resumed>) = 0x200000000000 [pid 1668] rt_sigprocmask(SIG_SETMASK, [], [pid 1661] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program executing program [pid 1661] <... futex resumed>) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1661] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1668] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1660] <... futex resumed>) = 0 [pid 1668] <... futex resumed>) = 0 [pid 1668] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1673 attached [pid 1673] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1673] memfd_create("syzkaller", 0) = 3 [pid 1673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1673] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1673] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 1669 attached [pid 1669] set_robust_list(0x555594a056a0, 24) = 0 [pid 1669] chdir("./47") = 0 [pid 1669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1669] setpgid(0, 0) = 0 [pid 1669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1669] write(3, "1000", 4) = 4 [pid 1669] close(3) = 0 [pid 1669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1669] write(1, "executing program\n", 18) = 18 [pid 1669] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1669] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1669] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1674]}, 88) = 1674 [pid 1669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1669] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1669] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1674 attached [pid 1674] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1674] memfd_create("syzkaller", 0) = 3 [pid 1674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1674] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1674] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 1670 attached [pid 1670] set_robust_list(0x555594a056a0, 24) = 0 [pid 1670] chdir("./44") = 0 [pid 1670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1670] setpgid(0, 0) = 0 [pid 1670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1670] write(3, "1000", 4) = 4 [pid 1670] close(3) = 0 [pid 1670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1670] write(1, "executing program\n", 18) = 18 [pid 1670] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1670] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1670] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1675]}, 88) = 1675 [pid 1670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1670] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1670] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1675 attached [pid 1675] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1675] memfd_create("syzkaller", 0) = 3 [pid 1675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1660] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... ioctl resumed>) = 0 [pid 1674] <... openat resumed>) = 4 [pid 1673] <... openat resumed>) = 4 [pid 1674] ioctl(4, LOOP_SET_FD, 3 [pid 1673] ioctl(4, LOOP_SET_FD, 3 [pid 1665] close(3) = 0 [pid 1665] close(4 [pid 1661] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1660] <... futex resumed>) = ? [pid 1671] <... futex resumed>) = ? [pid 1675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1671] +++ killed by SIGBUS +++ [pid 1675] <... write resumed>) = 524288 [pid 1661] +++ killed by SIGBUS +++ [pid 1660] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1660, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1675] munmap(0x7f0ae48af000, 138412032 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1674] <... ioctl resumed>) = 0 [pid 1674] close(3) = 0 [pid 1674] close(4 [pid 1673] <... ioctl resumed>) = 0 [pid 1673] close(3 [pid 1675] <... munmap resumed>) = 0 [pid 1673] <... close resumed>) = 0 [pid 1673] close(4 [pid 1675] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1674] <... close resumed>) = 0 [pid 1665] <... close resumed>) = 0 [pid 1674] mkdir("./file2", 0777 [pid 1665] mkdir("./file2", 0777 [pid 1674] <... mkdir resumed>) = 0 [pid 1665] <... mkdir resumed>) = 0 [pid 1674] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1665] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1673] <... close resumed>) = 0 [pid 1673] mkdir("./file2", 0777 [pid 1675] <... openat resumed>) = 4 [pid 1675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1673] <... mkdir resumed>) = 0 [pid 1673] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1675] close(3) = 0 [ 44.271296][ T1661] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1675] close(4 [pid 1673] <... mount resumed>) = 0 [pid 1673] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1673] chdir("./file2") = 0 [pid 1673] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1675] <... close resumed>) = 0 [pid 1675] mkdir("./file2", 0777) = 0 [pid 1675] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1674] <... mount resumed>) = 0 [pid 1674] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1674] chdir("./file2") = 0 [pid 1674] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1673] <... openat resumed>) = 4 [pid 1673] ioctl(4, LOOP_CLR_FD) = 0 [pid 1673] close(4) = 0 [pid 1673] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1673] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1674] <... openat resumed>) = 4 [pid 1668] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 1668] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1674] ioctl(4, LOOP_CLR_FD [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1668] <... futex resumed>) = 1 [pid 1674] <... ioctl resumed>) = 0 [pid 1673] <... futex resumed>) = 0 [pid 1668] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1674] close(4 [pid 291] close(4 [pid 1673] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./45/file2" [pid 1674] <... close resumed>) = 0 [pid 1673] <... openat resumed>) = 4 [pid 291] <... rmdir resumed>) = 0 [pid 1674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1674] <... futex resumed>) = 1 [pid 1673] <... futex resumed>) = 1 [pid 1669] <... futex resumed>) = 0 [pid 1668] <... futex resumed>) = 0 [pid 1674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1673] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1669] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1669] <... futex resumed>) = 0 [pid 1668] <... futex resumed>) = 0 [pid 1674] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1673] write(4, "#! \n", 4 [pid 1669] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1668] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] <... write resumed>) = 4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1668] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./45/binderfs", [pid 1673] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1673] <... futex resumed>) = 0 [pid 1673] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1668] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1674] <... openat resumed>) = 4 [pid 1668] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] unlink("./45/binderfs" [pid 1674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... mprotect resumed>) = 0 [pid 1674] <... futex resumed>) = 1 [pid 1669] <... futex resumed>) = 0 [pid 1668] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... unlink resumed>) = 0 [pid 1674] write(4, "#! \n", 4 [pid 1669] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1669] <... futex resumed>) = 0 [pid 1674] <... write resumed>) = 4 [pid 291] getdents64(3, [pid 1669] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1669] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 1674] <... futex resumed>) = 0 [pid 1669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... close resumed>) = 0 [pid 1674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1669] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1668] <... clone3 resumed> => {parent_tid=[1683]}, 88) = 1683 [pid 291] rmdir("./45" [pid 1669] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1668] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... rmdir resumed>) = 0 [pid 1669] <... mprotect resumed>) = 0 [pid 1668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] mkdir("./46", 0777 [pid 1669] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1668] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... mkdir resumed>) = 0 [pid 1669] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1668] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1668] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1669] <... clone3 resumed> => {parent_tid=[1686]}, 88) = 1686 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1687 [pid 1669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1669] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1683 attached [pid 1669] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1683] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1683] write(4, "#! \n", 4) = 4 [pid 1683] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1668] <... futex resumed>) = 0 [pid 1683] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1668] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] <... futex resumed>) = 0 [pid 1668] <... futex resumed>) = 1 [pid 1673] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1668] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1673] <... mmap resumed>) = 0x200000000000 [pid 1673] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1668] <... futex resumed>) = 0 executing program [pid 1673] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1668] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] <... mount resumed>) = 0 [pid 1665] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1665] chdir("./file2") = 0 [pid 1665] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1665] ioctl(4, LOOP_CLR_FD) = 0 [pid 1665] close(4) = 0 [pid 1665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1665] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1686 attached [pid 1686] set_robust_list(0x7f0aeccae9a0, 24 [pid 1673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1668] <... futex resumed>) = 0 [pid 1664] <... futex resumed>) = 0 [pid 1668] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1686] <... set_robust_list resumed>) = 0 [pid 1686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1686] write(4, "#! \n", 4) = 4 [pid 1686] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1686] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1687 attached [pid 1687] set_robust_list(0x555594a056a0, 24) = 0 [pid 1687] chdir("./46") = 0 [pid 1687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1687] setpgid(0, 0) = 0 [pid 1687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1687] write(3, "1000", 4) = 4 [pid 1687] close(3) = 0 [pid 1687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1687] write(1, "executing program\n", 18) = 18 [pid 1687] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1687] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1690]}, 88) = 1690 [pid 1687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1687] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1690 attached [pid 1690] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1690] memfd_create("syzkaller", 0) = 3 [pid 1690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1690] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1690] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1690] ioctl(4, LOOP_SET_FD, 3 [pid 1675] <... mount resumed>) = 0 [pid 1675] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1675] chdir("./file2") = 0 [pid 1675] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1665] <... futex resumed>) = 0 [pid 1664] <... futex resumed>) = 1 [pid 1665] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1669] <... futex resumed>) = 0 [pid 1669] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1669] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... openat resumed>) = 4 [pid 1665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1664] <... futex resumed>) = 0 [pid 1665] write(4, "#! \n", 4 [pid 1664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] <... write resumed>) = 4 [pid 1664] <... futex resumed>) = 0 [pid 1665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1664] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] <... futex resumed>) = 0 [pid 1664] <... futex resumed>) = 0 [pid 1665] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1664] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1692]}, 88) = 1692 [pid 1664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1664] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1664] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1674] <... futex resumed>) = 0 [pid 1674] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1669] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1692 attached [pid 1673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1669] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1692] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1692] write(4, "#! \n", 4) = 4 [pid 1692] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1664] <... futex resumed>) = 0 [pid 1692] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] <... futex resumed>) = 0 [pid 1664] <... futex resumed>) = 1 [pid 1665] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... mmap resumed>) = 0x200000000000 [pid 1665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1664] <... futex resumed>) = 0 [pid 1683] <... futex resumed>) = ? [pid 1674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1686] <... futex resumed>) = ? [pid 1669] <... futex resumed>) = ? [pid 1686] +++ killed by SIGBUS +++ [pid 1674] +++ killed by SIGBUS +++ [pid 1669] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1669, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1675] <... openat resumed>) = 4 [pid 287] <... restart_syscall resumed>) = 0 [pid 1675] ioctl(4, LOOP_CLR_FD) = 0 [pid 1675] close(4 [pid 287] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1675] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1675] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1675] <... futex resumed>) = 1 [pid 287] <... openat resumed>) = 3 [pid 1675] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1670] <... futex resumed>) = 0 [pid 1670] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... futex resumed>) = ? [pid 1664] <... futex resumed>) = 0 [pid 1690] <... ioctl resumed>) = 0 [pid 1690] close(3) = 0 [pid 1690] close(4 [pid 1675] <... futex resumed>) = 0 [pid 1670] <... futex resumed>) = 1 [pid 1675] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1670] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1683] +++ killed by SIGBUS +++ [pid 1675] <... openat resumed>) = 4 [pid 1675] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] +++ killed by SIGBUS +++ [pid 1668] +++ killed by SIGBUS +++ [pid 1675] <... futex resumed>) = 1 [pid 1675] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1670] <... futex resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1668, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1670] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1675] <... futex resumed>) = 0 [pid 1670] <... futex resumed>) = 1 [pid 1675] write(4, "#! \n", 4 [pid 1692] <... futex resumed>) = ? [pid 1670] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1664] <... futex resumed>) = ? [pid 1675] <... write resumed>) = 4 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1670] <... futex resumed>) = 0 [pid 1675] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1675] <... futex resumed>) = 0 [pid 1670] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1692] +++ killed by SIGBUS +++ [pid 1675] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1670] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 1693 attached [pid 1665] +++ killed by SIGBUS +++ [pid 1664] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1664, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1670] <... clone3 resumed> => {parent_tid=[1693]}, 88) = 1693 [pid 1693] set_robust_list(0x7f0aeccae9a0, 24 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1670] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1670] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1693] <... set_robust_list resumed>) = 0 [pid 1693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1693] write(4, "#! \n", 4) = 4 [pid 1693] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1670] <... futex resumed>) = 0 [pid 1670] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1670] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1693] <... futex resumed>) = 1 [pid 1693] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1675] <... futex resumed>) = 0 [pid 1675] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1675] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1670] <... futex resumed>) = 0 [ 44.432840][ T1673] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.447001][ T1674] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.448943][ T1665] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1670] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 1670] <... futex resumed>) = 0 [pid 1675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1670] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1670] <... futex resumed>) = -1 (errno 18446744073709551450) [pid 1693] <... futex resumed>) = 230 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1693] +++ killed by SIGBUS +++ [pid 289] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 289] <... openat resumed>) = 3 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] newfstatat(3, "", [pid 290] getdents64(3, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] getdents64(3, [pid 290] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1675] +++ killed by SIGBUS +++ [pid 1670] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1670, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1690] <... close resumed>) = 0 [pid 1690] mkdir("./file2", 0777) = 0 [pid 1690] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 44.483721][ T1675] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 288] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 288] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 289] <... umount2 resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 290] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] close(4 [pid 287] newfstatat(AT_FDCWD, "./47/file2", [pid 290] newfstatat(AT_FDCWD, "./45/file2", [pid 289] newfstatat(AT_FDCWD, "./44/file2", [pid 288] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] rmdir("./44/file2" [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 288] newfstatat(AT_FDCWD, "./44/binderfs", [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] unlink("./44/binderfs" [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] <... unlink resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(3, [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] newfstatat(4, "", [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 290] close(4 [pid 289] close(4 [pid 288] <... close resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./44" [pid 290] rmdir("./45/file2" [pid 289] rmdir("./44/file2" [pid 288] <... rmdir resumed>) = 0 [pid 287] getdents64(4, [pid 288] mkdir("./45", 0777 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... rmdir resumed>) = 0 [pid 289] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] getdents64(4, [pid 290] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... openat resumed>) = 3 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1695 ./strace-static-x86_64: Process 1695 attached [pid 1695] set_robust_list(0x555594a056a0, 24) = 0 [pid 1695] chdir("./45") = 0 [pid 287] close(4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./44/binderfs", [pid 290] newfstatat(AT_FDCWD, "./45/binderfs", [pid 287] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] rmdir("./47/file2" [pid 290] unlink("./45/binderfs" [pid 289] unlink("./44/binderfs" [pid 1695] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... rmdir resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 287] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1695] <... prctl resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 290] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 290] close(3 [pid 287] newfstatat(AT_FDCWD, "./47/binderfs", [pid 289] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./45" [pid 289] rmdir("./44" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1695] setpgid(0, 0 [pid 290] <... rmdir resumed>) = 0 [pid 287] unlink("./47/binderfs" [pid 1695] <... setpgid resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 1695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] mkdir("./46", 0777 [pid 289] mkdir("./45", 0777 [pid 287] <... unlink resumed>) = 0 [pid 1695] <... openat resumed>) = 3 [pid 290] <... mkdir resumed>) = 0 [pid 287] getdents64(3, [pid 1695] write(3, "1000", 4) = 4 [pid 289] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 287] close(3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... openat resumed>) = 3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] <... close resumed>) = 0 [pid 290] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] rmdir("./47" [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 1695] close(3 [pid 289] <... close resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] mkdir("./48", 0777 [pid 1695] <... close resumed>) = 0 [pid 1695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 287] <... mkdir resumed>) = 0 [pid 1695] write(1, "executing program\n", 18 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1696 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1697 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 1695] <... write resumed>) = 18 [pid 1695] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1698 [pid 1695] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1695] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1699]}, 88) = 1699 [pid 1695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1695] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1696 attached [pid 1696] set_robust_list(0x555594a056a0, 24) = 0 [pid 1696] chdir("./46") = 0 [pid 1696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1696] setpgid(0, 0) = 0 [pid 1696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1696] write(3, "1000", 4) = 4 [pid 1696] close(3) = 0 [pid 1696] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1697 attached ) = 0 executing program [pid 1696] write(1, "executing program\n", 18) = 18 [pid 1696] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1696] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 1698 attached [pid 1697] set_robust_list(0x555594a056a0, 24 [pid 1696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1698] set_robust_list(0x555594a056a0, 24 [pid 1697] <... set_robust_list resumed>) = 0 [pid 1690] <... mount resumed>) = 0 [pid 1690] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1698] <... set_robust_list resumed>) = 0 [pid 1697] chdir("./45" [pid 1690] <... openat resumed>) = 3 [pid 1697] <... chdir resumed>) = 0 [pid 1690] chdir("./file2" [pid 1698] chdir("./48" [pid 1697] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1690] <... chdir resumed>) = 0 [pid 1698] <... chdir resumed>) = 0 [pid 1697] <... prctl resumed>) = 0 [pid 1690] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1698] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1697] setpgid(0, 0 [pid 1690] <... openat resumed>) = 4 [pid 1698] <... prctl resumed>) = 0 [pid 1697] <... setpgid resumed>) = 0 [pid 1690] ioctl(4, LOOP_CLR_FD) = 0 [pid 1690] close(4 [pid 1697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1690] <... close resumed>) = 0 [pid 1698] setpgid(0, 0 [pid 1697] <... openat resumed>) = 3 [pid 1690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] <... setpgid resumed>) = 0 [pid 1697] write(3, "1000", 4 [pid 1696] <... clone3 resumed> => {parent_tid=[1701]}, 88) = 1701 [pid 1690] <... futex resumed>) = 1 [pid 1687] <... futex resumed>) = 0 [pid 1698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1697] <... write resumed>) = 4 [pid 1696] rt_sigprocmask(SIG_SETMASK, [], [pid 1690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] <... openat resumed>) = 3 [pid 1697] close(3 [pid 1696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] <... futex resumed>) = 0 [pid 1698] write(3, "1000", 4 [pid 1697] <... close resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1690] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1687] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... write resumed>) = 4 [pid 1697] symlink("/dev/binderfs", "./binderfs" [pid 1696] <... futex resumed>) = 0 [pid 1690] <... openat resumed>) = 4 [pid 1698] close(3 [pid 1697] <... symlink resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] <... close resumed>) = 0 [pid 1697] write(1, "executing program\n", 18 [pid 1690] <... futex resumed>) = 1 executing program [pid 1687] <... futex resumed>) = 0 [pid 1698] symlink("/dev/binderfs", "./binderfs" [pid 1697] <... write resumed>) = 18 [pid 1690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1699 attached [pid 1690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] <... futex resumed>) = 0 [pid 1699] set_robust_list(0x7f0aecccf9a0, 24 [pid 1690] write(4, "#! \n", 4 [pid 1687] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... set_robust_list resumed>) = 0 [pid 1690] <... write resumed>) = 4 [pid 1687] <... futex resumed>) = 0 [pid 1699] rt_sigprocmask(SIG_SETMASK, [], [pid 1690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1690] <... futex resumed>) = 0 [pid 1687] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1699] memfd_create("syzkaller", 0 [pid 1690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1699] <... memfd_create resumed>) = 3 [pid 1687] <... mprotect resumed>) = 0 [pid 1699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1687] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1699] <... mmap resumed>) = 0x7f0ae48af000 [pid 1687] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1698] <... symlink resumed>) = 0 [pid 1697] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}executing program ./strace-static-x86_64: Process 1701 attached [pid 1698] write(1, "executing program\n", 18 [pid 1697] <... futex resumed>) = 0 [pid 1698] <... write resumed>) = 18 [pid 1687] <... clone3 resumed> => {parent_tid=[1702]}, 88) = 1702 [pid 1687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1687] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1697] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1701] set_robust_list(0x7f0aecccf9a0, 24 [pid 1698] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1701] <... set_robust_list resumed>) = 0 [pid 1698] <... futex resumed>) = 0 [pid 1697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1701] rt_sigprocmask(SIG_SETMASK, [], [pid 1698] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1697] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1702 attached [pid 1702] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1702] write(4, "#! \n", 4) = 4 [pid 1702] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1698] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1701] memfd_create("syzkaller", 0 [pid 1698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1697] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1701] <... memfd_create resumed>) = 3 [pid 1698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1697] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1697] <... mprotect resumed>) = 0 [pid 1698] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1701] <... mmap resumed>) = 0x7f0ae48af000 [pid 1698] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1698] <... mprotect resumed>) = 0 [pid 1697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1687] <... futex resumed>) = 0 [pid 1698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1697] <... clone3 resumed> => {parent_tid=[1703]}, 88) = 1703 [pid 1687] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] rt_sigprocmask(SIG_SETMASK, [], [pid 1690] <... futex resumed>) = 0 [pid 1687] <... futex resumed>) = 1 [pid 1698] <... clone3 resumed> => {parent_tid=[1704]}, 88) = 1704 [pid 1697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1690] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1687] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] <... futex resumed>) = 1 [pid 1698] rt_sigprocmask(SIG_SETMASK, [], [pid 1697] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1690] <... mmap resumed>) = 0x200000000000 [pid 1702] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1699] <... write resumed>) = 524288 [pid 1698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1697] <... futex resumed>) = 0 [pid 1690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1690] <... futex resumed>) = 1 [pid 1687] <... futex resumed>) = 0 [pid 1699] munmap(0x7f0ae48af000, 138412032 [pid 1698] <... futex resumed>) = 0 [pid 1690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... munmap resumed>) = 0 [pid 1698] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] <... futex resumed>) = 0 [pid 1701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1699] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1687] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] <... openat resumed>) = 4 [pid 1699] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1703 attached ./strace-static-x86_64: Process 1704 attached [pid 1703] set_robust_list(0x7f0aecccf9a0, 24 [pid 1704] set_robust_list(0x7f0aecccf9a0, 24 [pid 1703] <... set_robust_list resumed>) = 0 [pid 1704] <... set_robust_list resumed>) = 0 [pid 1703] rt_sigprocmask(SIG_SETMASK, [], [pid 1704] rt_sigprocmask(SIG_SETMASK, [], [pid 1703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1701] <... write resumed>) = 524288 [pid 1704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1701] munmap(0x7f0ae48af000, 138412032 [pid 1703] memfd_create("syzkaller", 0 [pid 1701] <... munmap resumed>) = 0 [pid 1704] memfd_create("syzkaller", 0 [pid 1701] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1704] <... memfd_create resumed>) = 3 [pid 1703] <... memfd_create resumed>) = 3 [pid 1704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1704] <... mmap resumed>) = 0x7f0ae48af000 [pid 1704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1703] <... mmap resumed>) = 0x7f0ae48af000 [pid 1704] <... write resumed>) = 524288 [pid 1690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1687] <... futex resumed>) = ? [pid 1702] <... futex resumed>) = -1 (errno 18446744073709551615) [pid 1704] munmap(0x7f0ae48af000, 138412032 [pid 1702] +++ killed by SIGBUS +++ [pid 1701] <... openat resumed>) = 4 [pid 1699] <... ioctl resumed>) = 0 [pid 1704] <... munmap resumed>) = 0 [pid 1701] ioctl(4, LOOP_SET_FD, 3 [pid 1699] close(3 [pid 1690] +++ killed by SIGBUS +++ [pid 1687] +++ killed by SIGBUS +++ [pid 1704] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1687, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 1699] <... close resumed>) = 0 [pid 1704] <... openat resumed>) = 4 [pid 1701] <... ioctl resumed>) = 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1704] ioctl(4, LOOP_SET_FD, 3 [pid 1701] close(3) = 0 [pid 1701] close(4 [pid 1699] close(4 [pid 1704] <... ioctl resumed>) = 0 [pid 1703] <... write resumed>) = 524288 [pid 1699] <... close resumed>) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 1704] close(3 [pid 1699] mkdir("./file2", 0777 [pid 1703] munmap(0x7f0ae48af000, 138412032 [pid 1704] <... close resumed>) = 0 [pid 1704] close(4 [pid 1703] <... munmap resumed>) = 0 [pid 1703] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1699] <... mkdir resumed>) = 0 [pid 291] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1699] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1701] <... close resumed>) = 0 [pid 1701] mkdir("./file2", 0777) = 0 [pid 1701] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1699] <... mount resumed>) = 0 [pid 1699] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1699] chdir("./file2") = 0 [ 44.739320][ T1690] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1699] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1704] <... close resumed>) = 0 [pid 1703] <... openat resumed>) = 4 [pid 1704] mkdir("./file2", 0777 [pid 1703] ioctl(4, LOOP_SET_FD, 3 [pid 1704] <... mkdir resumed>) = 0 [pid 1704] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1703] <... ioctl resumed>) = 0 [pid 1699] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 1699] ioctl(4, LOOP_CLR_FD [pid 1703] close(3 [pid 1699] <... ioctl resumed>) = 0 [pid 1703] <... close resumed>) = 0 [pid 1699] close(4 [pid 1703] close(4 [pid 1699] <... close resumed>) = 0 [pid 291] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1703] <... close resumed>) = 0 [pid 1699] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1703] mkdir("./file2", 0777 [pid 1699] <... futex resumed>) = 1 [pid 1695] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./46/file2", [pid 1703] <... mkdir resumed>) = 0 [pid 1699] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1695] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1695] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1699] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1695] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1699] <... openat resumed>) = 4 [pid 1699] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1699] <... futex resumed>) = 1 [pid 1695] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1699] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1695] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1695] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 1699] write(4, "#! \n", 4 [pid 1695] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 1699] <... write resumed>) = 4 [pid 1695] <... futex resumed>) = 0 [pid 1699] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1699] <... futex resumed>) = 0 [pid 1695] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1699] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1695] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] getdents64(4, [pid 1695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] getdents64(4, [pid 1695] <... clone3 resumed> => {parent_tid=[1715]}, 88) = 1715 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1695] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(4 [pid 1695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 1695] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./46/file2"./strace-static-x86_64: Process 1715 attached [pid 1695] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 1715] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1715] <... set_robust_list resumed>) = 0 [pid 1704] <... mount resumed>) = 0 [pid 1695] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1715] rt_sigprocmask(SIG_SETMASK, [], [pid 291] newfstatat(AT_FDCWD, "./46/binderfs", [pid 1715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1701] <... mount resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1715] write(4, "#! \n", 4 [pid 1704] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1701] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 291] unlink("./46/binderfs" [pid 1715] <... write resumed>) = 4 [pid 1704] <... openat resumed>) = 3 [pid 1701] <... openat resumed>) = 3 [pid 291] <... unlink resumed>) = 0 [pid 1715] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] chdir("./file2" [pid 1701] chdir("./file2" [pid 291] getdents64(3, [pid 1715] <... futex resumed>) = 1 [pid 1704] <... chdir resumed>) = 0 [pid 1701] <... chdir resumed>) = 0 [pid 1695] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1715] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1704] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1701] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1695] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 1704] <... openat resumed>) = 4 [pid 1701] <... openat resumed>) = 4 [pid 1699] <... futex resumed>) = 0 [pid 1695] <... futex resumed>) = 1 [pid 291] <... close resumed>) = 0 [pid 1704] ioctl(4, LOOP_CLR_FD [pid 1701] ioctl(4, LOOP_CLR_FD [pid 1699] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1695] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rmdir("./46" [pid 1704] <... ioctl resumed>) = 0 [pid 1701] <... ioctl resumed>) = 0 [pid 1699] <... mmap resumed>) = 0x200000000000 [pid 291] <... rmdir resumed>) = 0 [pid 1704] close(4 [pid 1701] close(4 [pid 1699] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] mkdir("./47", 0777 [pid 1704] <... close resumed>) = 0 [pid 1701] <... close resumed>) = 0 [pid 1699] <... futex resumed>) = 1 [pid 1695] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 1704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1695] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1704] <... futex resumed>) = 1 [pid 1701] <... futex resumed>) = 1 [pid 1699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1698] <... futex resumed>) = 0 [pid 1696] <... futex resumed>) = 0 [pid 1695] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 1704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1701] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1716 [pid 1698] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1698] <... futex resumed>) = 0 [pid 1696] <... futex resumed>) = 0 [pid 1704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1695] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1704] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1701] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1698] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1696] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1701] <... openat resumed>) = 4 ./strace-static-x86_64: Process 1716 attached [pid 1704] <... openat resumed>) = 4 [pid 1701] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1716] set_robust_list(0x555594a056a0, 24 [pid 1704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] <... futex resumed>) = 1 [pid 1696] <... futex resumed>) = 0 [pid 1715] <... futex resumed>) = ? [pid 1704] <... futex resumed>) = 1 [pid 1701] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1716] <... set_robust_list resumed>) = 0 [pid 1698] <... futex resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1695] <... futex resumed>) = ? [pid 1704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1716] chdir("./47" [pid 1715] +++ killed by SIGBUS +++ [pid 1704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1701] write(4, "#! \n", 4 [pid 1698] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1716] <... chdir resumed>) = 0 [pid 1704] write(4, "#! \n", 4 [pid 1701] <... write resumed>) = 4 [pid 1698] <... futex resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1704] <... write resumed>) = 4 [pid 1701] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1716] <... prctl resumed>) = 0 [pid 1704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] <... futex resumed>) = 0 [pid 1698] <... futex resumed>) = 0 [pid 1696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1716] setpgid(0, 0 [pid 1704] <... futex resumed>) = 0 [pid 1701] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1716] <... setpgid resumed>) = 0 [pid 1704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1699] +++ killed by SIGBUS +++ [pid 1698] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1696] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1695] +++ killed by SIGBUS +++ [pid 1716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1698] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1696] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1695, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1716] <... openat resumed>) = 3 [pid 1703] <... mount resumed>) = 0 [pid 1698] <... mprotect resumed>) = 0 [pid 1696] <... mprotect resumed>) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1716] write(3, "1000", 4 [pid 1703] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1698] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1696] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1716] <... write resumed>) = 4 [pid 1703] <... openat resumed>) = 3 [pid 1698] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1696] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1716] close(3 [pid 1703] chdir("./file2" [pid 1698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1716] <... close resumed>) = 0 [pid 1703] <... chdir resumed>) = 0 executing program [pid 1716] symlink("/dev/binderfs", "./binderfs" [pid 1703] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1716] <... symlink resumed>) = 0 [pid 1703] ioctl(4, LOOP_CLR_FD [pid 1698] <... clone3 resumed> => {parent_tid=[1719]}, 88) = 1719 [pid 1696] <... clone3 resumed> => {parent_tid=[1720]}, 88) = 1720 [pid 1716] write(1, "executing program\n", 18 [pid 1703] <... ioctl resumed>) = 0 [pid 1698] rt_sigprocmask(SIG_SETMASK, [], [pid 1696] rt_sigprocmask(SIG_SETMASK, [], [pid 1716] <... write resumed>) = 18 [pid 1703] close(4 [pid 1698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1716] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] <... close resumed>) = 0 [pid 1698] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] <... futex resumed>) = 0 [pid 1703] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] <... futex resumed>) = 0 [pid 1696] <... futex resumed>) = 0 [pid 1716] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1703] <... futex resumed>) = 1 [pid 1698] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1697] <... futex resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1716] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1703] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1697] <... futex resumed>) = 0 [pid 1716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1703] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1697] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1703] <... openat resumed>) = 4 [pid 1716] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1703] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1703] <... futex resumed>) = 1 [pid 1697] <... futex resumed>) = 0 [pid 1716] <... mprotect resumed>) = 0 [pid 1703] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1697] <... futex resumed>) = 0 [pid 1716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1703] write(4, "#! \n", 4 [pid 1697] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1703] <... write resumed>) = 4 [pid 1697] <... futex resumed>) = 0 [pid 1703] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1703] <... futex resumed>) = 0 [pid 1697] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1716] <... clone3 resumed> => {parent_tid=[1721]}, 88) = 1721 [pid 1703] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1716] rt_sigprocmask(SIG_SETMASK, [], [pid 1697] <... mprotect resumed>) = 0 [pid 1716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1716] <... futex resumed>) = 0 [pid 1697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1697] <... clone3 resumed> => {parent_tid=[1722]}, 88) = 1722 [pid 1697] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... restart_syscall resumed>) = 0 [pid 1697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1697] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1697] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1722 attached ./strace-static-x86_64: Process 1721 attached ./strace-static-x86_64: Process 1720 attached ./strace-static-x86_64: Process 1719 attached [pid 1722] set_robust_list(0x7f0aeccae9a0, 24 [pid 1721] set_robust_list(0x7f0aecccf9a0, 24 [pid 1720] set_robust_list(0x7f0aeccae9a0, 24 [pid 1719] set_robust_list(0x7f0aeccae9a0, 24 [pid 1722] <... set_robust_list resumed>) = 0 [pid 1721] <... set_robust_list resumed>) = 0 [pid 1720] <... set_robust_list resumed>) = 0 [pid 1719] <... set_robust_list resumed>) = 0 [pid 1722] rt_sigprocmask(SIG_SETMASK, [], [pid 1721] rt_sigprocmask(SIG_SETMASK, [], [pid 1720] rt_sigprocmask(SIG_SETMASK, [], [pid 1719] rt_sigprocmask(SIG_SETMASK, [], [pid 1722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1722] write(4, "#! \n", 4 [pid 1721] memfd_create("syzkaller", 0 [pid 1720] write(4, "#! \n", 4 [pid 1719] write(4, "#! \n", 4 [pid 1722] <... write resumed>) = 4 [pid 1721] <... memfd_create resumed>) = 3 [pid 1720] <... write resumed>) = 4 [pid 1719] <... write resumed>) = 4 [pid 1722] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1720] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1719] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 1 [pid 1721] <... mmap resumed>) = 0x7f0ae48af000 [pid 1720] <... futex resumed>) = 1 [pid 1719] <... futex resumed>) = 1 [pid 1698] <... futex resumed>) = 0 [pid 1697] <... futex resumed>) = 0 [pid 1696] <... futex resumed>) = 0 [pid 1720] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1719] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1698] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1703] <... futex resumed>) = 0 [pid 1701] <... futex resumed>) = 0 [pid 1698] <... futex resumed>) = 1 [pid 1697] <... futex resumed>) = 1 [pid 1696] <... futex resumed>) = 1 [pid 1722] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1704] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1703] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1701] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1698] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1697] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1696] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1704] <... mmap resumed>) = 0x200000000000 [pid 1703] <... mmap resumed>) = 0x200000000000 [pid 1701] <... mmap resumed>) = 0x200000000000 [pid 1721] <... write resumed>) = 524288 [pid 1704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 1 [pid 1703] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1701] <... futex resumed>) = 1 [pid 1698] <... futex resumed>) = 0 [pid 1696] <... futex resumed>) = 0 [pid 1704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1703] <... futex resumed>) = 1 [pid 1701] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1698] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1696] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1703] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1698] <... futex resumed>) = 0 [ 44.926891][ T1699] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1697] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1721] munmap(0x7f0ae48af000, 138412032 [pid 1703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1697] <... futex resumed>) = 0 [pid 1721] <... munmap resumed>) = 0 [pid 1698] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1697] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1696] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1719] <... futex resumed>) = ? [pid 1698] <... futex resumed>) = ? [pid 1719] +++ killed by SIGBUS +++ [pid 1704] +++ killed by SIGBUS +++ [pid 1698] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1698, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1703] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1722] <... futex resumed>) = ? [pid 1697] <... futex resumed>) = ? [pid 1722] +++ killed by SIGBUS +++ [pid 1703] +++ killed by SIGBUS +++ [pid 1697] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1697, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... restart_syscall resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(3, "", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] getdents64(3, [pid 289] <... openat resumed>) = 3 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] newfstatat(3, "", [pid 287] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1701] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1720] <... futex resumed>) = ? [pid 1696] <... futex resumed>) = ? [pid 1720] +++ killed by SIGBUS +++ [pid 1701] +++ killed by SIGBUS +++ [pid 1696] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1696, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1721] <... openat resumed>) = 4 [pid 1721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 1721] close(3) = 0 [pid 1721] close(4) = 0 [pid 1721] mkdir("./file2", 0777) = 0 [pid 1721] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./45/file2") = 0 [pid 288] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./45/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./45") = 0 [pid 288] mkdir("./46", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1721] <... mount resumed>) = 0 [pid 1721] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1721] chdir("./file2") = 0 [ 44.965049][ T1704] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.965624][ T1703] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.979868][ T1701] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1721] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1721] ioctl(4, LOOP_CLR_FD) = 0 [pid 1721] close(4) = 0 [pid 1721] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1716] <... futex resumed>) = 0 [pid 1721] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 1721] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 289] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1721] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1721] <... futex resumed>) = 1 [pid 1716] <... futex resumed>) = 0 [pid 288] close(3 [pid 1721] write(4, "#! \n", 4 [pid 1716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 1721] <... write resumed>) = 4 [pid 1716] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1721] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1721] <... futex resumed>) = 0 [pid 1716] <... futex resumed>) = 0 [pid 290] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1727 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1721] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./45/file2", [pid 287] newfstatat(AT_FDCWD, "./48/file2", [pid 1716] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] newfstatat(AT_FDCWD, "./46/file2", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1716] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1716] <... mprotect resumed>) = 0 [pid 290] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 1716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 1716] <... clone3 resumed> => {parent_tid=[1728]}, 88) = 1728 [pid 1716] rt_sigprocmask(SIG_SETMASK, [], [pid 290] newfstatat(4, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1716] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 1716] <... futex resumed>) = 0 [pid 1716] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 290] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 287] close(4 [pid 290] close(4 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] rmdir("./45/file2" [pid 287] rmdir("./48/file2" [pid 290] rmdir("./46/file2" [pid 289] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./45/binderfs", [pid 287] newfstatat(AT_FDCWD, "./48/binderfs", [pid 290] newfstatat(AT_FDCWD, "./46/binderfs", [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./45/binderfs" [pid 287] unlink("./48/binderfs" [pid 290] unlink("./46/binderfs" [pid 289] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 287] getdents64(3, [pid 290] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 287] close(3 [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] rmdir("./45" [pid 287] rmdir("./48" [pid 290] rmdir("./46" [pid 289] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] mkdir("./46", 0777 [pid 287] mkdir("./49", 0777 [pid 290] mkdir("./47", 0777 [pid 289] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 287] close(3 [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1729 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1730 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1731 executing program executing program executing program ./strace-static-x86_64: Process 1727 attached [pid 1727] set_robust_list(0x555594a056a0, 24) = 0 [pid 1727] chdir("./46") = 0 [pid 1727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1727] setpgid(0, 0) = 0 [pid 1727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 1731 attached [pid 1731] set_robust_list(0x555594a056a0, 24) = 0 [pid 1731] chdir("./47" [pid 1727] <... openat resumed>) = 3 [pid 1731] <... chdir resumed>) = 0 [pid 1727] write(3, "1000", 4) = 4 [pid 1727] close(3 [pid 1731] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1727] <... close resumed>) = 0 [pid 1731] <... prctl resumed>) = 0 [pid 1731] setpgid(0, 0 [pid 1727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1731] <... setpgid resumed>) = 0 [pid 1731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 1730 attached [pid 1730] set_robust_list(0x555594a056a0, 24 [pid 1727] write(1, "executing program\n", 18) = 18 [pid 1727] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... set_robust_list resumed>) = 0 [pid 1730] chdir("./49" [pid 1731] write(3, "1000", 4 [pid 1727] <... futex resumed>) = 0 [pid 1731] <... write resumed>) = 4 [pid 1727] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1731] close(3 [pid 1727] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1731] <... close resumed>) = 0 [pid 1727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1731] symlink("/dev/binderfs", "./binderfs" [pid 1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1730] <... chdir resumed>) = 0 [pid 1731] <... symlink resumed>) = 0 [pid 1727] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1727] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1730] setpgid(0, 0 [pid 1727] <... mprotect resumed>) = 0 [pid 1727] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1730] <... setpgid resumed>) = 0 [pid 1730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1731] write(1, "executing program\n", 18 [pid 1727] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1731] <... write resumed>) = 18 [pid 1727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1731] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... openat resumed>) = 3 [pid 1731] <... futex resumed>) = 0 [pid 1731] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1730] write(3, "1000", 4) = 4 [pid 1731] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1730] close(3 [pid 1731] <... mprotect resumed>) = 0 [pid 1731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1730] <... close resumed>) = 0 [pid 1727] <... clone3 resumed> => {parent_tid=[1732]}, 88) = 1732 ./strace-static-x86_64: Process 1729 attached [pid 1731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1730] symlink("/dev/binderfs", "./binderfs" [pid 1727] rt_sigprocmask(SIG_SETMASK, [], [pid 1731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1730] <... symlink resumed>) = 0 [pid 1729] set_robust_list(0x555594a056a0, 24 [pid 1727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1730] write(1, "executing program\n", 18 [pid 1729] <... set_robust_list resumed>) = 0 [pid 1727] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1731] <... clone3 resumed> => {parent_tid=[1733]}, 88) = 1733 [pid 1730] <... write resumed>) = 18 [pid 1729] chdir("./46" [pid 1727] <... futex resumed>) = 0 [pid 1731] rt_sigprocmask(SIG_SETMASK, [], [pid 1730] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] <... chdir resumed>) = 0 [pid 1727] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1730] <... futex resumed>) = 0 [pid 1729] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1731] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1729] <... prctl resumed>) = 0 [pid 1731] <... futex resumed>) = 0 [pid 1730] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1729] setpgid(0, 0 [pid 1731] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1729] <... setpgid resumed>) = 0 [pid 1730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1729] <... openat resumed>) = 3 [pid 1730] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1729] write(3, "1000", 4 [pid 1730] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1729] <... write resumed>) = 4 [pid 1730] <... mprotect resumed>) = 0 [pid 1729] close(3./strace-static-x86_64: Process 1728 attached [pid 1730] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1729] <... close resumed>) = 0 [pid 1730] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1729] symlink("/dev/binderfs", "./binderfs" [pid 1730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1729] <... symlink resumed>) = 0 executing program [pid 1729] write(1, "executing program\n", 18 [pid 1730] <... clone3 resumed> => {parent_tid=[1734]}, 88) = 1734 [pid 1729] <... write resumed>) = 18 [pid 1730] rt_sigprocmask(SIG_SETMASK, [], [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1729] <... futex resumed>) = 0 [pid 1730] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1730] <... futex resumed>) = 0 [pid 1729] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1730] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 ./strace-static-x86_64: Process 1732 attached [pid 1729] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1733 attached [pid 1732] set_robust_list(0x7f0aecccf9a0, 24 [pid 1729] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 1734 attached [pid 1733] set_robust_list(0x7f0aecccf9a0, 24 [pid 1728] set_robust_list(0x7f0aeccae9a0, 24 [pid 1734] set_robust_list(0x7f0aecccf9a0, 24 [pid 1733] <... set_robust_list resumed>) = 0 [pid 1732] <... set_robust_list resumed>) = 0 [pid 1729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1728] <... set_robust_list resumed>) = 0 [pid 1734] <... set_robust_list resumed>) = 0 [pid 1728] rt_sigprocmask(SIG_SETMASK, [], [pid 1734] rt_sigprocmask(SIG_SETMASK, [], [pid 1733] rt_sigprocmask(SIG_SETMASK, [], [pid 1732] rt_sigprocmask(SIG_SETMASK, [], [pid 1729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1728] write(4, "#! \n", 4./strace-static-x86_64: Process 1735 attached [pid 1734] memfd_create("syzkaller", 0 [pid 1733] memfd_create("syzkaller", 0 [pid 1732] memfd_create("syzkaller", 0 [pid 1728] <... write resumed>) = 4 [pid 1734] <... memfd_create resumed>) = 3 [pid 1733] <... memfd_create resumed>) = 3 [pid 1732] <... memfd_create resumed>) = 3 [pid 1729] <... clone3 resumed> => {parent_tid=[1735]}, 88) = 1735 [pid 1728] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1729] rt_sigprocmask(SIG_SETMASK, [], [pid 1728] <... futex resumed>) = 1 [pid 1716] <... futex resumed>) = 0 [pid 1734] <... mmap resumed>) = 0x7f0ae48af000 [pid 1733] <... mmap resumed>) = 0x7f0ae48af000 [pid 1732] <... mmap resumed>) = 0x7f0ae48af000 [pid 1729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1728] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] set_robust_list(0x7f0aecccf9a0, 24 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... set_robust_list resumed>) = 0 [pid 1729] <... futex resumed>) = 0 [pid 1721] <... futex resumed>) = 0 [pid 1716] <... futex resumed>) = 1 [pid 1735] rt_sigprocmask(SIG_SETMASK, [], [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1721] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1721] <... mmap resumed>) = 0x200000000000 [pid 1735] memfd_create("syzkaller", 0 [pid 1721] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... memfd_create resumed>) = 3 [pid 1721] <... futex resumed>) = 1 [pid 1716] <... futex resumed>) = 0 [pid 1735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1721] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... mmap resumed>) = 0x7f0ae48af000 [pid 1734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1716] <... futex resumed>) = 0 [pid 1735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1735] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1735] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1735] ioctl(4, LOOP_SET_FD, 3 [pid 1734] <... write resumed>) = 524288 [pid 1734] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1734] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1733] <... write resumed>) = 524288 [pid 1733] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1733] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1732] <... write resumed>) = 524288 [pid 1732] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1732] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1735] <... ioctl resumed>) = 0 [pid 1734] <... openat resumed>) = 4 [pid 1734] ioctl(4, LOOP_SET_FD, 3 [pid 1733] <... openat resumed>) = 4 [pid 1732] <... openat resumed>) = 4 [pid 1733] ioctl(4, LOOP_SET_FD, 3 [pid 1732] ioctl(4, LOOP_SET_FD, 3 [pid 1735] close(3) = 0 [pid 1735] close(4 [pid 1721] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1716] <... futex resumed>) = ? [pid 1728] <... futex resumed>) = ? [pid 1734] <... ioctl resumed>) = 0 [pid 1728] +++ killed by SIGBUS +++ [pid 1733] <... ioctl resumed>) = 0 [pid 1734] close(3) = 0 [pid 1734] close(4 [pid 1732] <... ioctl resumed>) = 0 [pid 1733] close(3 [pid 1732] close(3) = 0 [pid 1732] close(4 [pid 1733] <... close resumed>) = 0 [pid 1733] close(4 [pid 1721] +++ killed by SIGBUS +++ [pid 1716] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1716, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1735] <... close resumed>) = 0 [pid 1735] mkdir("./file2", 0777) = 0 [ 45.170823][ T1721] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1735] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1734] <... close resumed>) = 0 [pid 1734] mkdir("./file2", 0777) = 0 [pid 1734] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1732] <... close resumed>) = 0 [pid 1732] mkdir("./file2", 0777) = 0 [pid 1732] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1733] <... close resumed>) = 0 [pid 1733] mkdir("./file2", 0777) = 0 [pid 1733] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./47/file2") = 0 [pid 291] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./47/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./47") = 0 [pid 291] mkdir("./48", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1748 [pid 1733] <... mount resumed>) = 0 [pid 1733] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1733] chdir("./file2") = 0 [pid 1733] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1733] ioctl(4, LOOP_CLR_FD) = 0 [pid 1733] close(4) = 0 [pid 1733] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1731] <... futex resumed>) = 0 [pid 1733] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1731] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1731] <... futex resumed>) = 0 [pid 1733] <... openat resumed>) = 4 [pid 1731] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1733] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1731] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1734] <... mount resumed>) = 0 [pid 1733] write(4, "#! \n", 4 [pid 1731] <... futex resumed>) = 0 [pid 1734] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1733] <... write resumed>) = 4 [pid 1731] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... openat resumed>) = 3 [pid 1733] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1731] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1748 attached [pid 1735] <... mount resumed>) = 0 [pid 1734] chdir("./file2" [pid 1733] <... futex resumed>) = 0 [pid 1732] <... mount resumed>) = 0 [pid 1731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1748] set_robust_list(0x555594a056a0, 24 [pid 1735] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1734] <... chdir resumed>) = 0 [pid 1733] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1731] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1748] <... set_robust_list resumed>) = 0 [pid 1735] <... openat resumed>) = 3 [pid 1734] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1732] <... openat resumed>) = 3 [pid 1731] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1748] chdir("./48" [pid 1735] chdir("./file2" [pid 1732] chdir("./file2" [pid 1748] <... chdir resumed>) = 0 [pid 1735] <... chdir resumed>) = 0 [pid 1732] <... chdir resumed>) = 0 [pid 1748] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1735] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1734] <... openat resumed>) = 4 [pid 1732] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1731] <... mprotect resumed>) = 0 [pid 1748] <... prctl resumed>) = 0 [pid 1735] <... openat resumed>) = 4 [pid 1734] ioctl(4, LOOP_CLR_FD [pid 1732] <... openat resumed>) = 4 [pid 1748] setpgid(0, 0 [pid 1735] ioctl(4, LOOP_CLR_FD [pid 1734] <... ioctl resumed>) = 0 [pid 1732] ioctl(4, LOOP_CLR_FD [pid 1731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1748] <... setpgid resumed>) = 0 [pid 1735] <... ioctl resumed>) = 0 [pid 1734] close(4 [pid 1732] <... ioctl resumed>) = 0 [pid 1731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1735] close(4 [pid 1734] <... close resumed>) = 0 [pid 1732] close(4 [pid 1731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1748] <... openat resumed>) = 3 [pid 1735] <... close resumed>) = 0 [pid 1734] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] <... close resumed>) = 0 [pid 1748] write(3, "1000", 4 [pid 1735] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... futex resumed>) = 1 [pid 1732] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... futex resumed>) = 0 [pid 1748] <... write resumed>) = 4 [pid 1735] <... futex resumed>) = 1 [pid 1734] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] <... futex resumed>) = 1 [pid 1731] <... clone3 resumed> => {parent_tid=[1749]}, 88) = 1749 [pid 1730] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] <... futex resumed>) = 0 [pid 1727] <... futex resumed>) = 0 [pid 1748] close(3 [pid 1735] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1732] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1731] rt_sigprocmask(SIG_SETMASK, [], [pid 1730] <... futex resumed>) = 0 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1748] <... close resumed>) = 0 [pid 1735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1734] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1730] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1729] <... futex resumed>) = 0 [pid 1727] <... futex resumed>) = 0 [pid 1748] symlink("/dev/binderfs", "./binderfs" [pid 1735] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1732] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1748] <... symlink resumed>) = 0 [pid 1735] <... openat resumed>) = 4 [pid 1734] <... openat resumed>) = 4 [pid 1732] <... openat resumed>) = 4 [pid 1731] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1748] write(1, "executing program\n", 18 [pid 1735] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1731] <... futex resumed>) = 0 [pid 1729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1748] <... write resumed>) = 18 [pid 1735] <... futex resumed>) = 0 [pid 1734] <... futex resumed>) = 1 [pid 1732] <... futex resumed>) = 0 [pid 1731] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1730] <... futex resumed>) = 0 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1748] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] write(4, "#! \n", 4 [pid 1734] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] write(4, "#! \n", 4 [pid 1730] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] <... futex resumed>) = 0 [pid 1727] <... futex resumed>) = 0 [pid 1748] <... futex resumed>) = 0 [pid 1735] <... write resumed>) = 4 [pid 1734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1732] <... write resumed>) = 4 [pid 1730] <... futex resumed>) = 0 [pid 1748] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1735] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1748] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1735] <... futex resumed>) = 0 [pid 1734] write(4, "#! \n", 4 [pid 1732] <... futex resumed>) = 0 [pid 1730] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1729] <... futex resumed>) = 0 [pid 1727] <... futex resumed>) = 0 [pid 1748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1735] write(4, "#! \n", 4 [pid 1734] <... write resumed>) = 4 [pid 1732] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1730] <... futex resumed>) = 0 [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1735] <... write resumed>) = 4 [pid 1734] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1727] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1735] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1734] <... futex resumed>) = 0 [pid 1730] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1727] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1749 attached [pid 1748] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1735] <... futex resumed>) = 1 [pid 1734] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1730] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1729] <... futex resumed>) = 0 [pid 1727] <... mprotect resumed>) = 0 [pid 1749] set_robust_list(0x7f0aeccae9a0, 24 [pid 1748] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1735] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1730] <... mprotect resumed>) = 0 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... set_robust_list resumed>) = 0 [pid 1748] <... mprotect resumed>) = 0 [pid 1735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1730] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1727] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 1729] <... futex resumed>) = 0 [pid 1749] rt_sigprocmask(SIG_SETMASK, [], [pid 1748] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1735] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1730] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1748] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1735] <... mmap resumed>) = 0x200000000000 [pid 1730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1749] write(4, "#! \n", 4 [pid 1748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1735] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... write resumed>) = 4 [pid 1735] <... futex resumed>) = 1 [pid 1729] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1752 attached ./strace-static-x86_64: Process 1751 attached ./strace-static-x86_64: Process 1750 attached [pid 1749] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1748] <... clone3 resumed> => {parent_tid=[1751]}, 88) = 1751 [pid 1735] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1730] <... clone3 resumed> => {parent_tid=[1750]}, 88) = 1750 [pid 1729] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] <... clone3 resumed> => {parent_tid=[1752]}, 88) = 1752 [pid 1749] <... futex resumed>) = 1 [pid 1748] rt_sigprocmask(SIG_SETMASK, [], [pid 1735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1731] <... futex resumed>) = 0 [pid 1730] rt_sigprocmask(SIG_SETMASK, [], [pid 1729] <... futex resumed>) = 0 [pid 1727] rt_sigprocmask(SIG_SETMASK, [], [pid 1752] set_robust_list(0x7f0aeccae9a0, 24 [pid 1751] set_robust_list(0x7f0aecccf9a0, 24 [pid 1750] set_robust_list(0x7f0aeccae9a0, 24 [pid 1749] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1731] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1729] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1733] <... futex resumed>) = 0 [pid 1731] <... futex resumed>) = 1 [pid 1730] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1731] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1730] <... futex resumed>) = 0 [pid 1727] <... futex resumed>) = 0 [pid 1733] <... mmap resumed>) = 0x200000000000 [pid 1730] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1731] <... futex resumed>) = 0 [pid 1733] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1731] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1731] <... futex resumed>) = 0 [pid 1752] <... set_robust_list resumed>) = 0 [pid 1751] <... set_robust_list resumed>) = 0 [pid 1750] <... set_robust_list resumed>) = 0 [pid 1748] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1752] rt_sigprocmask(SIG_SETMASK, [], [pid 1751] rt_sigprocmask(SIG_SETMASK, [], [pid 1748] <... futex resumed>) = 0 [pid 1752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1748] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1752] write(4, "#! \n", 4 [pid 1751] memfd_create("syzkaller", 0 [pid 1752] <... write resumed>) = 4 [pid 1751] <... memfd_create resumed>) = 3 [pid 1752] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1752] <... futex resumed>) = 1 [pid 1751] <... mmap resumed>) = 0x7f0ae48af000 [pid 1752] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1750] write(4, "#! \n", 4) = 4 [pid 1750] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1750] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1729] <... futex resumed>) = ? [pid 1730] <... futex resumed>) = 0 [pid 1731] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] <... futex resumed>) = 0 [pid 1730] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1734] <... futex resumed>) = 0 [pid 1727] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1751] <... write resumed>) = 524288 [pid 1735] +++ killed by SIGBUS +++ [pid 1734] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1732] <... futex resumed>) = 0 [pid 1729] +++ killed by SIGBUS +++ [pid 1730] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] <... futex resumed>) = 1 [pid 1734] <... mmap resumed>) = 0x200000000000 [pid 1733] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1732] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1727] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1751] munmap(0x7f0ae48af000, 138412032 [pid 1734] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] <... mmap resumed>) = 0x200000000000 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1729, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1734] <... futex resumed>) = 1 [pid 1732] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1730] <... futex resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1734] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] <... futex resumed>) = 1 [pid 1730] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] <... futex resumed>) = 0 [pid 1734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1732] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1730] <... futex resumed>) = 0 [pid 1727] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1749] <... futex resumed>) = ? [pid 1751] <... munmap resumed>) = 0 [pid 1751] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1751] ioctl(4, LOOP_SET_FD, 3 [pid 1732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1731] <... futex resumed>) = ? [pid 1730] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1727] <... futex resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 1749] +++ killed by SIGBUS +++ [pid 1727] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] +++ killed by SIGBUS +++ [pid 1731] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1731, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1734] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1750] <... futex resumed>) = ? [pid 1730] <... futex resumed>) = ? [ 45.414429][ T1735] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 45.420150][ T1733] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 45.445907][ T1734] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1750] +++ killed by SIGBUS +++ [pid 1734] +++ killed by SIGBUS +++ [pid 1730] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1730, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1751] <... ioctl resumed>) = 0 [pid 1751] close(3) = 0 [pid 1751] close(4 [pid 287] <... restart_syscall resumed>) = 0 [pid 290] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 1732] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1752] <... futex resumed>) = ? [pid 1727] <... futex resumed>) = ? [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 1752] +++ killed by SIGBUS +++ [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1732] +++ killed by SIGBUS +++ [pid 1727] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1727, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1751] <... close resumed>) = 0 [pid 1751] mkdir("./file2", 0777) = 0 [pid 1751] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 45.446766][ T1732] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./47/file2", [pid 289] newfstatat(AT_FDCWD, "./46/file2", [pid 288] newfstatat(AT_FDCWD, "./46/file2", [pid 287] newfstatat(AT_FDCWD, "./49/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 290] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 288] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 1751] <... mount resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1751] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 290] close(4 [pid 289] close(4 [pid 288] close(4 [pid 287] close(4 [pid 1751] <... openat resumed>) = 3 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 1751] chdir("./file2" [pid 290] rmdir("./47/file2" [pid 289] rmdir("./46/file2" [pid 288] rmdir("./46/file2" [pid 287] <... close resumed>) = 0 [pid 1751] <... chdir resumed>) = 0 [pid 1751] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1751] ioctl(4, LOOP_CLR_FD) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 1751] close(4) = 0 [pid 290] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] rmdir("./49/file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... rmdir resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./47/binderfs", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./46/binderfs", [pid 288] newfstatat(AT_FDCWD, "./46/binderfs", [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] unlink("./47/binderfs" [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] newfstatat(AT_FDCWD, "./49/binderfs", [pid 1751] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... unlink resumed>) = 0 [pid 289] unlink("./46/binderfs" [pid 288] unlink("./46/binderfs" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1751] <... futex resumed>) = 1 [pid 1748] <... futex resumed>) = 0 [pid 290] getdents64(3, [pid 289] <... unlink resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 287] unlink("./49/binderfs" [pid 1751] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] getdents64(3, [pid 288] getdents64(3, [pid 287] <... unlink resumed>) = 0 [pid 1751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1748] <... futex resumed>) = 0 [pid 290] close(3 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, [pid 1751] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1748] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 288] close(3 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./47" [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] close(3 [pid 1751] <... openat resumed>) = 4 [pid 290] <... rmdir resumed>) = 0 [pid 289] rmdir("./46" [pid 288] rmdir("./46" [pid 287] <... close resumed>) = 0 [pid 1751] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] mkdir("./48", 0777 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] rmdir("./49" [pid 1751] <... futex resumed>) = 1 [pid 1748] <... futex resumed>) = 0 [pid 1751] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1748] <... futex resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 1751] write(4, "#! \n", 4 [pid 1748] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1751] <... write resumed>) = 4 [pid 1748] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] mkdir("./47", 0777 [pid 288] mkdir("./47", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 1751] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... openat resumed>) = 3 [pid 1751] <... futex resumed>) = 0 [pid 1748] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1751] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 1748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... mkdir resumed>) = 0 [pid 287] mkdir("./50", 0777./strace-static-x86_64: Process 1756 attached [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... mkdir resumed>) = 0 [pid 1756] set_robust_list(0x7f0aeccae9a0, 24 [pid 1748] <... clone3 resumed> => {parent_tid=[1756]}, 88) = 1756 [pid 1748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1748] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1748] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] close(3 [pid 1756] <... set_robust_list resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... openat resumed>) = 3 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1756] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] <... openat resumed>) = 3 [pid 1756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] close(3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] ioctl(3, LOOP_CLR_FD [pid 1756] write(4, "#! \n", 4 [pid 289] <... close resumed>) = 0 [pid 288] close(3 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1756] <... write resumed>) = 4 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... close resumed>) = 0 [pid 287] close(3 [pid 1756] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 1756] <... futex resumed>) = 1 [pid 1748] <... futex resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1757 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1756] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1758 [pid 1751] <... futex resumed>) = 0 [pid 1748] <... futex resumed>) = 1 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1759 [pid 1751] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1748] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1751] <... mmap resumed>) = 0x200000000000 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1760 [pid 1751] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1748] <... futex resumed>) = 0 [pid 1751] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000executing program executing program executing program executing program [pid 1751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1748] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1760 attached ./strace-static-x86_64: Process 1759 attached ./strace-static-x86_64: Process 1758 attached ./strace-static-x86_64: Process 1757 attached [pid 1760] set_robust_list(0x555594a056a0, 24 [pid 1759] set_robust_list(0x555594a056a0, 24 [pid 1758] set_robust_list(0x555594a056a0, 24 [pid 1757] set_robust_list(0x555594a056a0, 24 [pid 1760] <... set_robust_list resumed>) = 0 [pid 1759] <... set_robust_list resumed>) = 0 [pid 1758] <... set_robust_list resumed>) = 0 [pid 1757] <... set_robust_list resumed>) = 0 [pid 1760] chdir("./48" [pid 1759] chdir("./50" [pid 1758] chdir("./47" [pid 1757] chdir("./47" [pid 1760] <... chdir resumed>) = 0 [pid 1759] <... chdir resumed>) = 0 [pid 1758] <... chdir resumed>) = 0 [pid 1757] <... chdir resumed>) = 0 [pid 1760] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1759] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1758] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1757] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1760] <... prctl resumed>) = 0 [pid 1759] <... prctl resumed>) = 0 [pid 1758] <... prctl resumed>) = 0 [pid 1757] <... prctl resumed>) = 0 [pid 1760] setpgid(0, 0 [pid 1759] setpgid(0, 0 [pid 1758] setpgid(0, 0 [pid 1757] setpgid(0, 0 [pid 1760] <... setpgid resumed>) = 0 [pid 1759] <... setpgid resumed>) = 0 [pid 1758] <... setpgid resumed>) = 0 [pid 1757] <... setpgid resumed>) = 0 [pid 1760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1760] <... openat resumed>) = 3 [pid 1759] <... openat resumed>) = 3 [pid 1758] <... openat resumed>) = 3 [pid 1757] <... openat resumed>) = 3 [pid 1760] write(3, "1000", 4 [pid 1759] write(3, "1000", 4 [pid 1758] write(3, "1000", 4 [pid 1757] write(3, "1000", 4 [pid 1760] <... write resumed>) = 4 [pid 1759] <... write resumed>) = 4 [pid 1758] <... write resumed>) = 4 [pid 1757] <... write resumed>) = 4 [pid 1760] close(3 [pid 1759] close(3 [pid 1758] close(3 [pid 1757] close(3 [pid 1760] <... close resumed>) = 0 [pid 1759] <... close resumed>) = 0 [pid 1758] <... close resumed>) = 0 [pid 1757] <... close resumed>) = 0 [pid 1760] symlink("/dev/binderfs", "./binderfs" [pid 1759] symlink("/dev/binderfs", "./binderfs" [pid 1758] symlink("/dev/binderfs", "./binderfs" [pid 1757] symlink("/dev/binderfs", "./binderfs" [pid 1760] <... symlink resumed>) = 0 [pid 1759] <... symlink resumed>) = 0 [pid 1758] <... symlink resumed>) = 0 [pid 1757] <... symlink resumed>) = 0 [pid 1760] write(1, "executing program\n", 18 [pid 1759] write(1, "executing program\n", 18 [pid 1758] write(1, "executing program\n", 18 [pid 1757] write(1, "executing program\n", 18 [pid 1760] <... write resumed>) = 18 [pid 1759] <... write resumed>) = 18 [pid 1758] <... write resumed>) = 18 [pid 1757] <... write resumed>) = 18 [pid 1760] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1760] <... futex resumed>) = 0 [pid 1759] <... futex resumed>) = 0 [pid 1758] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1760] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1759] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1758] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1757] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1760] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1759] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1758] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1757] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1748] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1760] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1759] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1758] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1757] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1760] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1759] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1758] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1757] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1760] <... mprotect resumed>) = 0 [pid 1759] <... mprotect resumed>) = 0 [pid 1758] <... mprotect resumed>) = 0 [pid 1757] <... mprotect resumed>) = 0 [pid 1760] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1759] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1758] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1757] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1751] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1760] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1759] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1758] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1757] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1764 attached ./strace-static-x86_64: Process 1763 attached ./strace-static-x86_64: Process 1762 attached ./strace-static-x86_64: Process 1761 attached [pid 1756] <... futex resumed>) = ? [pid 1748] <... futex resumed>) = ? [pid 1764] set_robust_list(0x7f0aecccf9a0, 24 [pid 1763] set_robust_list(0x7f0aecccf9a0, 24 [pid 1762] set_robust_list(0x7f0aecccf9a0, 24 [pid 1761] set_robust_list(0x7f0aecccf9a0, 24 [pid 1760] <... clone3 resumed> => {parent_tid=[1761]}, 88) = 1761 [pid 1759] <... clone3 resumed> => {parent_tid=[1762]}, 88) = 1762 [pid 1758] <... clone3 resumed> => {parent_tid=[1763]}, 88) = 1763 [pid 1757] <... clone3 resumed> => {parent_tid=[1764]}, 88) = 1764 [pid 1762] <... set_robust_list resumed>) = 0 [pid 1761] <... set_robust_list resumed>) = 0 [pid 1760] rt_sigprocmask(SIG_SETMASK, [], [pid 1759] rt_sigprocmask(SIG_SETMASK, [], [pid 1758] rt_sigprocmask(SIG_SETMASK, [], [pid 1756] +++ killed by SIGBUS +++ [pid 1764] <... set_robust_list resumed>) = 0 [pid 1763] <... set_robust_list resumed>) = 0 [pid 1762] rt_sigprocmask(SIG_SETMASK, [], [pid 1761] rt_sigprocmask(SIG_SETMASK, [], [pid 1760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1757] rt_sigprocmask(SIG_SETMASK, [], [pid 1760] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1760] <... futex resumed>) = 0 [pid 1759] <... futex resumed>) = 0 [pid 1758] <... futex resumed>) = 0 [pid 1760] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1759] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1758] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1764] rt_sigprocmask(SIG_SETMASK, [], [pid 1763] rt_sigprocmask(SIG_SETMASK, [], [pid 1762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1751] +++ killed by SIGBUS +++ [pid 1748] +++ killed by SIGBUS +++ [pid 1764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1764] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] memfd_create("syzkaller", 0 [pid 1757] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] memfd_create("syzkaller", 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1748, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1757] <... futex resumed>) = 0 [pid 1761] <... memfd_create resumed>) = 3 [pid 1762] <... memfd_create resumed>) = 3 [pid 1763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1757] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... mmap resumed>) = 0x7f0ae48af000 [pid 1761] <... mmap resumed>) = 0x7f0ae48af000 [pid 1764] memfd_create("syzkaller", 0 [pid 1763] memfd_create("syzkaller", 0 [pid 1764] <... memfd_create resumed>) = 3 [pid 1764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1764] <... write resumed>) = 524288 [pid 1764] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1764] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] <... restart_syscall resumed>) = 0 [pid 1763] <... memfd_create resumed>) = 3 [pid 1763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 291] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1763] <... mmap resumed>) = 0x7f0ae48af000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1764] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 1764] ioctl(4, LOOP_SET_FD, 3 [pid 291] newfstatat(3, "", [pid 1762] <... write resumed>) = 524288 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1762] munmap(0x7f0ae48af000, 138412032 [pid 291] getdents64(3, [pid 1762] <... munmap resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1761] <... write resumed>) = 524288 [pid 291] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1762] ioctl(4, LOOP_SET_FD, 3 [pid 1764] <... ioctl resumed>) = 0 [pid 1764] close(3) = 0 [pid 1764] close(4 [pid 1762] <... ioctl resumed>) = 0 [pid 1761] munmap(0x7f0ae48af000, 138412032 [pid 1763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1761] <... munmap resumed>) = 0 [pid 1762] close(3) = 0 [pid 1762] close(4) = 0 [pid 1762] mkdir("./file2", 0777) = 0 [pid 1761] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1762] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1763] <... write resumed>) = 524288 [pid 1763] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1763] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1764] <... close resumed>) = 0 [pid 1764] mkdir("./file2", 0777) = 0 [pid 1764] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1761] <... openat resumed>) = 4 [ 45.727865][ T1751] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1761] close(3) = 0 [pid 1761] close(4 [pid 1763] <... openat resumed>) = 4 [pid 1763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1763] close(3) = 0 [pid 1763] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./48/file2") = 0 [pid 291] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./48/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./48") = 0 [pid 291] mkdir("./49", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1764] <... mount resumed>) = 0 [pid 1764] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1762] <... mount resumed>) = 0 [pid 1764] <... openat resumed>) = 3 [pid 1762] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1764] chdir("./file2" [pid 1762] <... openat resumed>) = 3 [pid 1764] <... chdir resumed>) = 0 [pid 1762] chdir("./file2" [pid 1764] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1762] <... chdir resumed>) = 0 [pid 1762] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1763] <... close resumed>) = 0 [pid 1763] mkdir("./file2", 0777) = 0 [pid 1763] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1764] <... openat resumed>) = 4 [pid 1762] <... openat resumed>) = 4 [pid 1761] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 1764] ioctl(4, LOOP_CLR_FD [pid 1762] ioctl(4, LOOP_CLR_FD [pid 1761] mkdir("./file2", 0777 [pid 1764] <... ioctl resumed>) = 0 [pid 1762] <... ioctl resumed>) = 0 [pid 1761] <... mkdir resumed>) = 0 [pid 1764] close(4 [pid 1762] close(4 [pid 1761] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1764] <... close resumed>) = 0 [pid 1762] <... close resumed>) = 0 [pid 1764] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1764] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1764] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1762] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1759] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1757] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, LOOP_CLR_FD [pid 1764] <... openat resumed>) = 4 [pid 1762] <... openat resumed>) = 4 [pid 1764] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1764] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 1764] write(4, "#! \n", 4 [pid 1762] write(4, "#! \n", 4 [pid 1759] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... write resumed>) = 4 [pid 1762] <... write resumed>) = 4 [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1764] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1764] <... futex resumed>) = 0 [pid 1762] <... futex resumed>) = 0 [pid 1759] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1757] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1764] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1757] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1759] <... mprotect resumed>) = 0 [pid 1757] <... mprotect resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1773 [pid 1759] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1757] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1759] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1757] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1759] <... clone3 resumed> => {parent_tid=[1774]}, 88) = 1774 [pid 1757] <... clone3 resumed> => {parent_tid=[1775]}, 88) = 1775 [pid 1759] rt_sigprocmask(SIG_SETMASK, [], [pid 1757] rt_sigprocmask(SIG_SETMASK, [], [pid 1759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1759] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1759] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1757] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1775 attached [pid 1775] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1775] write(4, "#! \n", 4) = 4 [pid 1775] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] <... futex resumed>) = 0 [pid 1757] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... futex resumed>) = 0 [pid 1757] <... futex resumed>) = 1 [pid 1764] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1757] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1764] <... mmap resumed>) = 0x200000000000 [pid 1764] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1757] <... futex resumed>) = 0 [pid 1764] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1757] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1757] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1774 attached ./strace-static-x86_64: Process 1773 attached [pid 1775] <... futex resumed>) = 1 [pid 1773] set_robust_list(0x555594a056a0, 24) = 0 [pid 1773] chdir("./49") = 0 [pid 1773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1773] setpgid(0, 0) = 0 [pid 1773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 1773] write(3, "1000", 4) = 4 [pid 1773] close(3) = 0 [pid 1773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1773] write(1, "executing program\n", 18) = 18 [pid 1773] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1773] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1773] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1775] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1774] set_robust_list(0x7f0aeccae9a0, 24 [pid 1773] <... clone3 resumed> => {parent_tid=[1776]}, 88) = 1776 [pid 1774] <... set_robust_list resumed>) = 0 [pid 1773] rt_sigprocmask(SIG_SETMASK, [], [pid 1774] rt_sigprocmask(SIG_SETMASK, [], [pid 1773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1773] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1774] write(4, "#! \n", 4 [pid 1773] <... futex resumed>) = 0 [pid 1774] <... write resumed>) = 4 [pid 1773] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1774] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1774] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1759] <... futex resumed>) = 1 [pid 1762] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1759] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1762] <... mmap resumed>) = 0x200000000000 [pid 1762] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] <... futex resumed>) = 0 [pid 1762] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1759] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1776 attached [pid 1764] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1761] <... mount resumed>) = 0 [pid 1757] read(-321280512, [pid 1776] set_robust_list(0x7f0aecccf9a0, 24 [pid 1761] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1776] <... set_robust_list resumed>) = 0 [pid 1761] <... openat resumed>) = 3 [pid 1776] rt_sigprocmask(SIG_SETMASK, [], [pid 1761] chdir("./file2" [pid 1776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1761] <... chdir resumed>) = 0 [pid 1776] memfd_create("syzkaller", 0 [pid 1761] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1776] <... memfd_create resumed>) = 3 [pid 1761] <... openat resumed>) = 4 [pid 1776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1761] ioctl(4, LOOP_CLR_FD [pid 1776] <... mmap resumed>) = 0x7f0ae48af000 [pid 1761] <... ioctl resumed>) = 0 [pid 1776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1761] close(4) = 0 [pid 1761] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1761] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1776] <... write resumed>) = 524288 [pid 1776] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1776] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1776] ioctl(4, LOOP_SET_FD, 3 [pid 1763] <... mount resumed>) = 0 [pid 1763] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1759] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] <... futex resumed>) = 0 [pid 1775] <... futex resumed>) = ? [pid 1763] <... openat resumed>) = 3 [pid 1760] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1760] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 1760] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1775] +++ killed by SIGBUS +++ [pid 1763] chdir("./file2") = 0 [pid 1763] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1764] +++ killed by SIGBUS +++ [pid 1757] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1757, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1774] <... futex resumed>) = ? [pid 1761] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1759] <... futex resumed>) = ? [pid 1776] <... ioctl resumed>) = 0 [pid 1776] close(3 [pid 1774] +++ killed by SIGBUS +++ [pid 1763] <... openat resumed>) = 4 [pid 1761] <... openat resumed>) = 4 [pid 1763] ioctl(4, LOOP_CLR_FD [pid 1776] <... close resumed>) = 0 [pid 1763] <... ioctl resumed>) = 0 [pid 1761] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] close(4 [pid 1776] close(4 [pid 1761] <... futex resumed>) = 1 [pid 1760] <... futex resumed>) = 0 [pid 1763] <... close resumed>) = 0 [pid 1761] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1760] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1763] <... futex resumed>) = 1 [pid 1760] <... futex resumed>) = 0 [pid 1758] <... futex resumed>) = 0 [pid 1763] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] write(4, "#! \n", 4 [pid 1760] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1761] <... write resumed>) = 4 [pid 1760] <... futex resumed>) = 0 [pid 1758] <... futex resumed>) = 0 [pid 1763] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1761] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1776] <... close resumed>) = 0 [pid 1776] mkdir("./file2", 0777) = 0 [pid 1776] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1762] +++ killed by SIGBUS +++ [pid 1759] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1759, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1761] <... futex resumed>) = 0 [pid 1760] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1758] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1761] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1760] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1763] <... openat resumed>) = 4 [pid 1760] <... mprotect resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 1763] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1760] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1763] <... futex resumed>) = 1 [pid 1760] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1758] <... futex resumed>) = 0 [pid 1763] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1758] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1763] write(4, "#! \n", 4 [pid 1760] <... clone3 resumed> => {parent_tid=[1782]}, 88) = 1782 [pid 1758] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1763] <... write resumed>) = 4 [pid 1760] rt_sigprocmask(SIG_SETMASK, [], [pid 1758] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 1763] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 1763] <... futex resumed>) = 0 [pid 1760] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1763] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1760] <... futex resumed>) = 0 [pid 1758] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] getdents64(3, [pid 287] getdents64(3, [pid 1760] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] <... mprotect resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1758] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 45.845946][ T1764] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 45.857302][ T1762] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1758] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 1782 attached [pid 1782] set_robust_list(0x7f0aeccae9a0, 24 [pid 1758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1782] <... set_robust_list resumed>) = 0 [pid 1782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1782] write(4, "#! \n", 4) = 4 [pid 1782] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1760] <... futex resumed>) = 0 [pid 1758] <... clone3 resumed> => {parent_tid=[1784]}, 88) = 1784 [pid 1760] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1784 attached [pid 1784] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1784] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1760] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 1760] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] rt_sigprocmask(SIG_SETMASK, [], [pid 1761] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1761] <... mmap resumed>) = 0x200000000000 [pid 1758] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1760] <... futex resumed>) = 0 [pid 1761] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] <... futex resumed>) = 1 [pid 1760] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] <... futex resumed>) = 0 [pid 1784] <... futex resumed>) = 0 [pid 1784] write(4, "#! \n", 4) = 4 [pid 1784] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1784] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1758] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1760] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1763] <... futex resumed>) = 0 [pid 1763] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1763] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1758] <... futex resumed>) = 0 [pid 1763] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] <... futex resumed>) = 0 [pid 1761] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1782] <... futex resumed>) = ? [pid 1760] <... futex resumed>) = ? [pid 1782] +++ killed by SIGBUS +++ [pid 1761] +++ killed by SIGBUS +++ [pid 1760] +++ killed by SIGBUS +++ [pid 1758] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1760, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1776] <... mount resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 1776] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1763] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 290] newfstatat(3, "", [pid 1776] <... openat resumed>) = 3 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1784] <... futex resumed>) = ? [pid 1776] chdir("./file2" [pid 1758] <... futex resumed>) = ? [pid 1776] <... chdir resumed>) = 0 [pid 290] getdents64(3, [pid 1776] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1784] +++ killed by SIGBUS +++ [pid 1763] +++ killed by SIGBUS +++ [pid 1758] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1758, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./47/file2") = 0 [pid 289] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./47/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./47") = 0 [pid 289] mkdir("./48", 0777) = 0 [ 45.895110][ T1761] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 45.902464][ T1763] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1776] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./47/file2") = 0 [pid 288] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./47/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./47" [pid 1776] ioctl(4, LOOP_CLR_FD [pid 288] <... rmdir resumed>) = 0 [pid 288] mkdir("./48", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FDexecuting program executing program [pid 1776] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./50/file2" [pid 1776] close(4 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1776] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./50/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./50") = 0 [pid 287] mkdir("./51", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1786 ./strace-static-x86_64: Process 1786 attached [pid 1786] set_robust_list(0x555594a056a0, 24) = 0 [pid 1786] chdir("./51") = 0 [pid 1786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1786] setpgid(0, 0) = 0 [pid 1786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1786] write(3, "1000", 4 [pid 1776] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(3 [pid 1786] <... write resumed>) = 4 [pid 1786] close(3) = 0 [pid 1786] symlink("/dev/binderfs", "./binderfs" [pid 1776] <... futex resumed>) = 1 [pid 1773] <... futex resumed>) = 0 [pid 1776] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1773] <... futex resumed>) = 0 [pid 1776] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1773] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1786] <... symlink resumed>) = 0 [pid 1786] write(1, "executing program\n", 18) = 18 [pid 1786] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1776] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... close resumed>) = 0 [pid 1776] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1786] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1776] <... futex resumed>) = 1 [pid 1773] <... futex resumed>) = 0 [pid 1776] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1773] <... futex resumed>) = 0 [pid 1776] write(4, "#! \n", 4 [pid 1773] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1776] <... write resumed>) = 4 [pid 1773] <... futex resumed>) = 0 [pid 1786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1776] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1773] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1776] <... futex resumed>) = 0 [pid 1773] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1776] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] <... mprotect resumed>) = 0 [pid 1786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1786] <... clone3 resumed> => {parent_tid=[1787]}, 88) = 1787 [pid 1773] <... clone3 resumed> => {parent_tid=[1788]}, 88) = 1788 [pid 1786] rt_sigprocmask(SIG_SETMASK, [], [pid 1773] rt_sigprocmask(SIG_SETMASK, [], [pid 1786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1786] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1773] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] <... futex resumed>) = 0 [pid 1773] <... futex resumed>) = 0 [pid 1773] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1786] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1788 attached [pid 1788] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1788] write(4, "#! \n", 4) = 4 [pid 1788] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1773] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./48/file2", [pid 1773] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1773] <... futex resumed>) = 1 [pid 1776] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... openat resumed>) = 3 [pid 1788] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1787 attached [pid 1787] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1787] rt_sigprocmask(SIG_SETMASK, [], [pid 288] ioctl(3, LOOP_CLR_FD [pid 1776] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1773] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1789 [pid 1776] <... mmap resumed>) = 0x200000000000 [pid 288] close(3 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1776] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... close resumed>) = 0 [pid 1776] <... futex resumed>) = 1 [pid 1773] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1776] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 4 [pid 1787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1787] memfd_create("syzkaller", 0) = 3 [pid 1776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1773] <... futex resumed>) = 0 [pid 290] newfstatat(4, "", [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1790 [pid 1787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1789 attached [pid 1789] set_robust_list(0x555594a056a0, 24) = 0 [pid 1789] chdir("./48") = 0 [pid 1789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1789] setpgid(0, 0) = 0 [pid 1789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1789] write(3, "1000", 4) = 4 [pid 1789] close(3) = 0 [pid 1789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1789] write(1, "executing program\n", 18) = 18 [pid 1789] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1789] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1791]}, 88) = 1791 [pid 1789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1789] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1789] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1787] <... write resumed>) = 524288 [pid 1787] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1787] close(3) = 0 [pid 1787] close(4./strace-static-x86_64: Process 1790 attached [pid 1790] set_robust_list(0x555594a056a0, 24) = 0 [pid 1790] chdir("./48") = 0 [pid 1790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1790] setpgid(0, 0) = 0 [pid 1790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1790] write(3, "1000", 4) = 4 [pid 1790] close(3) = 0 [pid 1790] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1790] write(1, "executing program\n", 18) = 18 [pid 1790] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1790] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1790] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1793]}, 88) = 1793 [pid 1790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1790] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1790] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1793 attached [pid 1793] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1793] memfd_create("syzkaller", 0) = 3 [pid 1793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1773] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1793] <... mmap resumed>) = 0x7f0ae48af000 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 ./strace-static-x86_64: Process 1791 attached [pid 290] rmdir("./48/file2" [pid 1791] set_robust_list(0x7f0aecccf9a0, 24 [pid 1776] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 290] <... rmdir resumed>) = 0 [pid 290] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1791] <... set_robust_list resumed>) = 0 [pid 1788] <... futex resumed>) = ? [pid 1773] <... futex resumed>) = ? [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./48/binderfs", [pid 1791] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] unlink("./48/binderfs" [pid 1791] memfd_create("syzkaller", 0 [pid 290] <... unlink resumed>) = 0 [pid 1791] <... memfd_create resumed>) = 3 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1788] +++ killed by SIGBUS +++ [pid 1791] <... mmap resumed>) = 0x7f0ae48af000 [pid 290] close(3) = 0 [pid 1793] <... write resumed>) = 524288 [pid 1793] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1793] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1776] +++ killed by SIGBUS +++ [pid 1773] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1773, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] rmdir("./48" [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 290] <... rmdir resumed>) = 0 [pid 290] mkdir("./49", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1791] <... write resumed>) = 524288 [pid 1791] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1791] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1787] <... close resumed>) = 0 [pid 1787] mkdir("./file2", 0777) = 0 [pid 1787] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1791] <... openat resumed>) = 4 [pid 1791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1791] close(3) = 0 [pid 1791] close(4 [pid 1793] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [ 46.092359][ T1776] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1793] ioctl(4, LOOP_SET_FD, 3 [pid 1787] <... mount resumed>) = 0 [pid 1787] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1787] chdir("./file2") = 0 [pid 1787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1787] ioctl(4, LOOP_CLR_FD) = 0 [pid 1787] close(4) = 0 [pid 1787] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1787] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1786] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1787] <... openat resumed>) = 4 [pid 1786] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1787] write(4, "#! \n", 4 [pid 1786] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... write resumed>) = 4 [pid 1786] <... futex resumed>) = 0 [pid 1787] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = 0 [pid 1786] <... futex resumed>) = 0 [pid 1787] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1786] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1798]}, 88) = 1798 [pid 1786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1786] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1798 attached [pid 1798] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1798] write(4, "#! \n", 4) = 4 [pid 1798] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] <... futex resumed>) = 0 [pid 1786] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = 0 [pid 1786] <... futex resumed>) = 1 [pid 1787] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1786] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] <... mmap resumed>) = 0x200000000000 [pid 1798] <... futex resumed>) = 1 [pid 1787] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1798] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1786] <... futex resumed>) = ? [pid 1798] <... futex resumed>) = 230 [pid 1798] +++ killed by SIGBUS +++ [pid 1787] +++ killed by SIGBUS +++ [pid 1786] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1786, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1791] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1793] <... ioctl resumed>) = 0 [pid 1791] mkdir("./file2", 0777 [pid 290] close(3 [pid 1793] close(3 [pid 1791] <... mkdir resumed>) = 0 [pid 1793] <... close resumed>) = 0 [pid 1793] close(4 [pid 1791] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 291] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1800 [pid 291] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./49/file2") = 0 [pid 291] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./49/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./49"./strace-static-x86_64: Process 1800 attached [pid 1800] set_robust_list(0x555594a056a0, 24) = 0 [pid 1800] chdir("./49" [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./50", 0777 [pid 1800] <... chdir resumed>) = 0 [pid 1800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1800] setpgid(0, 0) = 0 [pid 1800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1800] <... openat resumed>) = 3 executing program [pid 1800] write(3, "1000", 4) = 4 [pid 1800] close(3) = 0 [pid 1800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1800] write(1, "executing program\n", 18) = 18 [pid 1800] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1800] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [ 46.183379][ T1787] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1800] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1800] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1801 attached => {parent_tid=[1801]}, 88) = 1801 [pid 1801] set_robust_list(0x7f0aecccf9a0, 24 [pid 1800] rt_sigprocmask(SIG_SETMASK, [], [pid 1801] <... set_robust_list resumed>) = 0 [pid 1801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1801] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1800] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1800] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1801] <... futex resumed>) = 0 [pid 1801] memfd_create("syzkaller", 0) = 3 [pid 1801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1791] <... mount resumed>) = 0 [pid 1791] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1791] chdir("./file2") = 0 [pid 1791] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1801] <... write resumed>) = 524288 [pid 1801] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1801] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1793] <... close resumed>) = 0 [pid 1793] mkdir("./file2", 0777) = 0 [pid 1793] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1791] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 1801] <... openat resumed>) = 4 [pid 1791] ioctl(4, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = 0 [pid 1791] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1801] ioctl(4, LOOP_SET_FD, 3 [pid 1791] close(4 [pid 291] close(3 [pid 287] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 1801] <... ioctl resumed>) = 0 [pid 1791] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 1801] close(3 [pid 1791] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1801] <... close resumed>) = 0 [pid 1791] <... futex resumed>) = 1 [pid 1801] close(4 [pid 1791] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1805 [pid 1789] <... futex resumed>) = 0 [pid 1789] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1791] <... futex resumed>) = 0 [pid 1789] <... futex resumed>) = 1 [pid 287] close(4./strace-static-x86_64: Process 1805 attached [pid 1791] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1789] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 1805] set_robust_list(0x555594a056a0, 24) = 0 [pid 1791] <... openat resumed>) = 4 [pid 287] rmdir("./51/file2" [pid 1791] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] chdir("./50" [pid 287] <... rmdir resumed>) = 0 [pid 1805] <... chdir resumed>) = 0 [pid 1791] <... futex resumed>) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1793] <... mount resumed>) = 0 [pid 1789] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1793] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1791] write(4, "#! \n", 4 [pid 287] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1789] <... futex resumed>) = 0 [pid 1793] <... openat resumed>) = 3 [pid 1805] setpgid(0, 0 [pid 1791] <... write resumed>) = 4 [pid 1793] chdir("./file2" [pid 1789] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1805] <... setpgid resumed>) = 0 [pid 1793] <... chdir resumed>) = 0 [pid 1791] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1789] <... futex resumed>) = 0 [pid 1805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1793] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1791] <... futex resumed>) = 0 [pid 1789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] newfstatat(AT_FDCWD, "./51/binderfs", [pid 1805] <... openat resumed>) = 3 [pid 1791] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1789] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1789] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] unlink("./51/binderfs" [pid 1789] <... mprotect resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 1789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] getdents64(3, [pid 1789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] close(3) = 0 [pid 1789] <... clone3 resumed> => {parent_tid=[1808]}, 88) = 1808 [pid 287] rmdir("./51"./strace-static-x86_64: Process 1808 attached [pid 1805] write(3, "1000", 4 [pid 1789] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... rmdir resumed>) = 0 [pid 1808] set_robust_list(0x7f0aeccae9a0, 24 [pid 1805] <... write resumed>) = 4 [pid 1789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] mkdir("./52", 0777 [pid 1808] <... set_robust_list resumed>) = 0 [pid 1805] close(3 [pid 1789] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 1789] <... futex resumed>) = 0 [pid 1805] <... close resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1805] symlink("/dev/binderfs", "./binderfs" [pid 1789] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1808] write(4, "#! \n", 4) = 4 [pid 1808] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1789] <... futex resumed>) = 0 [pid 1808] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL executing program [pid 1805] <... symlink resumed>) = 0 [pid 1789] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] write(1, "executing program\n", 18 [pid 1791] <... futex resumed>) = 0 [pid 1789] <... futex resumed>) = 1 [pid 1805] <... write resumed>) = 18 [pid 1791] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1789] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1805] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1791] <... mmap resumed>) = 0x200000000000 [pid 1791] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1805] <... futex resumed>) = 0 [pid 1789] <... futex resumed>) = 0 [pid 1805] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1791] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1789] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1789] <... futex resumed>) = 0 [pid 1805] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1805] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1805] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1809]}, 88) = 1809 [pid 1805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1805] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1805] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1789] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1809 attached [pid 1809] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1809] memfd_create("syzkaller", 0) = 3 [pid 1809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1809] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1809] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1791] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1808] <... futex resumed>) = ? [pid 1789] <... futex resumed>) = 230 [pid 1808] +++ killed by SIGBUS +++ [pid 1791] +++ killed by SIGBUS +++ [pid 1789] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1789, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1801] <... close resumed>) = 0 [pid 1801] mkdir("./file2", 0777) = 0 [pid 1801] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1793] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 1793] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 1809] <... openat resumed>) = 4 [pid 1793] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1793] close(4 [pid 287] close(3 [pid 1809] ioctl(4, LOOP_SET_FD, 3 [pid 1801] <... mount resumed>) = 0 [pid 1801] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1801] chdir("./file2") = 0 [pid 1801] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1793] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1793] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1812 attached [ 46.346375][ T1791] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters executing program [pid 1793] <... futex resumed>) = 1 [pid 1790] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./48/file2") = 0 [pid 289] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./48/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./48") = 0 [pid 1812] set_robust_list(0x555594a056a0, 24 [pid 289] mkdir("./49", 0777 [pid 1812] <... set_robust_list resumed>) = 0 [pid 1790] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 1812] chdir("./52" [pid 1801] <... openat resumed>) = 4 [pid 1793] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1790] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1812 [pid 1812] <... chdir resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 1812] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] ioctl(3, LOOP_CLR_FD [pid 1812] <... prctl resumed>) = 0 [pid 1790] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1812] setpgid(0, 0 [pid 289] close(3 [pid 1812] <... setpgid resumed>) = 0 [pid 1801] ioctl(4, LOOP_CLR_FD [pid 1793] <... openat resumed>) = 4 [pid 289] <... close resumed>) = 0 [pid 1812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1801] <... ioctl resumed>) = 0 [pid 1793] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1812] <... openat resumed>) = 3 [pid 1801] close(4 [pid 1793] <... futex resumed>) = 1 [pid 1790] <... futex resumed>) = 0 [pid 1812] write(3, "1000", 4 [pid 1801] <... close resumed>) = 0 [pid 1793] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1790] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1814 [pid 1812] <... write resumed>) = 4 [pid 1801] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1790] <... futex resumed>) = 0 [pid 1812] close(3 [pid 1801] <... futex resumed>) = 1 [pid 1800] <... futex resumed>) = 0 [pid 1793] write(4, "#! \n", 4 [pid 1790] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] <... close resumed>) = 0 [pid 1812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1812] write(1, "executing program\n", 18) = 18 [pid 1812] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1812] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1812] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1815]}, 88) = 1815 [pid 1812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1812] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1812] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1815 attached [pid 1800] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... futex resumed>) = 0 [pid 1815] set_robust_list(0x7f0aecccf9a0, 24 [pid 1800] <... futex resumed>) = 0 [pid 1793] <... write resumed>) = 4 [pid 1790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1801] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1800] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1793] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1815] <... set_robust_list resumed>) = 0 [pid 1793] <... futex resumed>) = 0 [pid 1790] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1815] rt_sigprocmask(SIG_SETMASK, [], [pid 1801] <... openat resumed>) = 4 [pid 1790] <... mprotect resumed>) = 0 [pid 1793] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1801] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1801] <... futex resumed>) = 1 [pid 1800] <... futex resumed>) = 0 [pid 1790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1801] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1800] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1800] <... futex resumed>) = 0 [pid 1815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1801] write(4, "#! \n", 4 [pid 1800] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... write resumed>) = 4 [pid 1800] <... futex resumed>) = 0 [pid 1790] <... clone3 resumed> => {parent_tid=[1816]}, 88) = 1816 [pid 1801] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1790] rt_sigprocmask(SIG_SETMASK, [], [pid 1801] <... futex resumed>) = 0 [pid 1800] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1801] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1800] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1790] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1800] <... mprotect resumed>) = 0 [pid 1790] <... futex resumed>) = 0 [pid 1815] memfd_create("syzkaller", 0 [pid 1800] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1790] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1816 attached ./strace-static-x86_64: Process 1814 attached [pid 1809] <... ioctl resumed>) = 0 [pid 1800] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1815] <... memfd_create resumed>) = 3 [pid 1814] set_robust_list(0x555594a056a0, 24 [pid 1809] close(3 [pid 1800] <... clone3 resumed> => {parent_tid=[1817]}, 88) = 1817 [pid 1800] rt_sigprocmask(SIG_SETMASK, [], [pid 1815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1814] <... set_robust_list resumed>) = 0 [pid 1809] <... close resumed>) = 0 [pid 1800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1800] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... mmap resumed>) = 0x7f0ae48af000 [pid 1814] chdir("./49" [pid 1809] close(4 [pid 1800] <... futex resumed>) = 0 [pid 1800] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1817 attached [pid 1816] set_robust_list(0x7f0aeccae9a0, 24 [pid 1814] <... chdir resumed>) = 0 [pid 1814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1814] setpgid(0, 0) = 0 [pid 1814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1817] set_robust_list(0x7f0aeccae9a0, 24 [pid 1816] <... set_robust_list resumed>) = 0 [pid 1814] <... openat resumed>) = 3 [pid 1816] rt_sigprocmask(SIG_SETMASK, [], [pid 1814] write(3, "1000", 4) = 4 [pid 1814] close(3) = 0 [pid 1814] symlink("/dev/binderfs", "./binderfs"executing program [pid 1816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1814] <... symlink resumed>) = 0 [pid 1814] write(1, "executing program\n", 18) = 18 [pid 1814] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1814] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1818]}, 88) = 1818 [pid 1814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1814] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1818 attached [pid 1818] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1818] rt_sigprocmask(SIG_SETMASK, [], [pid 1815] <... write resumed>) = 524288 [pid 1818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1818] memfd_create("syzkaller", 0) = 3 [pid 1816] write(4, "#! \n", 4 [pid 1815] munmap(0x7f0ae48af000, 138412032 [pid 1818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1816] <... write resumed>) = 4 [pid 1815] <... munmap resumed>) = 0 [pid 1816] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1815] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1817] <... set_robust_list resumed>) = 0 [pid 1790] <... futex resumed>) = 0 [pid 1790] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1793] <... futex resumed>) = 0 [pid 1790] <... futex resumed>) = 1 [pid 1816] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1793] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1790] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1817] rt_sigprocmask(SIG_SETMASK, [], [pid 1793] <... mmap resumed>) = 0x200000000000 [pid 1793] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1790] <... futex resumed>) = 0 [pid 1818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1790] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1817] write(4, "#! \n", 4) = 4 [pid 1817] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1818] <... write resumed>) = 524288 [pid 1818] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1818] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1790] <... futex resumed>) = 0 [pid 1790] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1800] <... futex resumed>) = 0 [pid 1800] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1800] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... futex resumed>) = 0 [pid 1801] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1801] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1800] <... futex resumed>) = 0 [pid 1801] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1800] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1793] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1817] <... futex resumed>) = ? [pid 1800] <... futex resumed>) = ? [pid 1817] +++ killed by SIGBUS +++ [pid 1816] <... futex resumed>) = ? [pid 1790] <... futex resumed>) = ? [pid 1816] +++ killed by SIGBUS +++ [pid 1793] +++ killed by SIGBUS +++ [pid 1790] +++ killed by SIGBUS +++ [pid 1801] +++ killed by SIGBUS +++ [pid 1800] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1790, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1800, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1809] <... close resumed>) = 0 [pid 1809] mkdir("./file2", 0777) = 0 [pid 1809] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 290] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 46.428112][ T1793] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.434241][ T1801] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1818] <... openat resumed>) = 4 [pid 1815] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 1818] ioctl(4, LOOP_SET_FD, 3 [pid 1815] ioctl(4, LOOP_SET_FD, 3 [pid 290] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./49/file2") = 0 [pid 290] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./49/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./49") = 0 [pid 290] mkdir("./50", 0777) = 0 [pid 1809] <... mount resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1809] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1809] chdir("./file2") = 0 [pid 1809] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1818] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 1818] close(3) = 0 [pid 1818] close(4 [pid 288] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1815] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1815] close(3) = 0 [pid 1815] close(4 [pid 288] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./48/file2") = 0 [pid 288] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./48/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./48") = 0 [pid 288] mkdir("./49", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1809] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 3 [pid 1809] ioctl(4, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 1818] <... close resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 1818] mkdir("./file2", 0777 [pid 290] ioctl(3, LOOP_CLR_FD [pid 1818] <... mkdir resumed>) = 0 [pid 1818] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1815] <... close resumed>) = 0 [pid 1809] <... ioctl resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1815] mkdir("./file2", 0777 [pid 1809] close(4 [pid 288] close(3 [pid 1815] <... mkdir resumed>) = 0 [pid 1815] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program executing program [pid 1809] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... close resumed>) = 0 [pid 1809] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1809] <... futex resumed>) = 1 [pid 1805] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 1809] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1805] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1823 [pid 1809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1805] <... futex resumed>) = 0 [pid 1809] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1805] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1824 [pid 1809] <... openat resumed>) = 4 [pid 1809] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1805] <... futex resumed>) = 0 [pid 1809] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1805] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1805] <... futex resumed>) = 0 [pid 1809] write(4, "#! \n", 4 [pid 1805] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1809] <... write resumed>) = 4 [pid 1805] <... futex resumed>) = 0 [pid 1809] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1809] <... futex resumed>) = 0 [pid 1805] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1809] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1805] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1805] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1825]}, 88) = 1825 [pid 1805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1805] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1805] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1824 attached [pid 1824] set_robust_list(0x555594a056a0, 24) = 0 [pid 1824] chdir("./50") = 0 [pid 1824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1824] setpgid(0, 0) = 0 [pid 1824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1824] write(3, "1000", 4) = 4 [pid 1824] close(3) = 0 [pid 1824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1824] write(1, "executing program\n", 18) = 18 [pid 1824] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1823 attached ) = 0 [pid 1824] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1823] set_robust_list(0x555594a056a0, 24 [pid 1824] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1823] <... set_robust_list resumed>) = 0 [pid 1824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1823] chdir("./49" [pid 1824] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1824] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1823] <... chdir resumed>) = 0 [pid 1823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1823] setpgid(0, 0) = 0 [pid 1823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1823] <... openat resumed>) = 3 [pid 1824] <... clone3 resumed> => {parent_tid=[1827]}, 88) = 1827 [pid 1824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1824] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] write(3, "1000", 4) = 4 [pid 1824] <... futex resumed>) = 0 [pid 1824] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1823] close(3) = 0 [pid 1823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1823] write(1, "executing program\n", 18) = 18 [pid 1823] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1823] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1823] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1828]}, 88) = 1828 [pid 1823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1823] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1823] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1818] <... mount resumed>) = 0 [pid 1818] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1818] chdir("./file2") = 0 [pid 1818] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1818] ioctl(4, LOOP_CLR_FD) = 0 [pid 1818] close(4) = 0 [pid 1818] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1818] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1814] <... futex resumed>) = 0 [pid 1818] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1814] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] <... openat resumed>) = 4 [pid 1818] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1818] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1814] <... futex resumed>) = 0 [pid 1818] write(4, "#! \n", 4 [pid 1814] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... write resumed>) = 4 [pid 1814] <... futex resumed>) = 0 [pid 1818] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1818] <... futex resumed>) = 0 [pid 1814] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1818] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1830]}, 88) = 1830 [pid 1814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1814] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1827 attached [pid 1827] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1827] memfd_create("syzkaller", 0) = 3 [pid 1827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1828 attached [pid 1828] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1828] memfd_create("syzkaller", 0) = 3 [pid 1828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1830 attached [pid 1830] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1830] write(4, "#! \n", 4) = 4 [pid 1830] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = 0 [pid 1814] <... futex resumed>) = 1 [pid 1818] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1814] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] <... mmap resumed>) = 0x200000000000 [pid 1818] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1818] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1814] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1814] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1825 attached [pid 1814] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... mount resumed>) = 0 [pid 1825] set_robust_list(0x7f0aeccae9a0, 24 [pid 1815] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1830] <... futex resumed>) = 1 [pid 1830] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1815] <... openat resumed>) = 3 [pid 1828] <... write resumed>) = 524288 [pid 1825] <... set_robust_list resumed>) = 0 [pid 1815] chdir("./file2" [pid 1828] munmap(0x7f0ae48af000, 138412032 [pid 1815] <... chdir resumed>) = 0 [pid 1825] rt_sigprocmask(SIG_SETMASK, [], [pid 1828] <... munmap resumed>) = 0 [pid 1828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1828] ioctl(4, LOOP_SET_FD, 3 [pid 1818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1830] <... futex resumed>) = ? [pid 1814] <... futex resumed>) = ? [pid 1825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1815] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1830] +++ killed by SIGBUS +++ [pid 1825] write(4, "#! \n", 4) = 4 [pid 1825] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] +++ killed by SIGBUS +++ [pid 1814] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1814, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1828] <... ioctl resumed>) = 0 [pid 1828] close(3 [pid 1815] <... openat resumed>) = 4 [pid 1825] <... futex resumed>) = 1 [pid 1805] <... futex resumed>) = 0 [pid 1815] ioctl(4, LOOP_CLR_FD [pid 1825] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1805] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... ioctl resumed>) = 0 [pid 1809] <... futex resumed>) = 0 [pid 1815] close(4 [pid 1805] <... futex resumed>) = 1 [pid 1809] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1815] <... close resumed>) = 0 [pid 1805] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... close resumed>) = 0 [pid 1828] close(4 [pid 1809] <... mmap resumed>) = 0x200000000000 [pid 1815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1809] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... futex resumed>) = 1 [pid 1812] <... futex resumed>) = 0 [pid 1815] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1809] <... futex resumed>) = 1 [pid 1805] <... futex resumed>) = 0 [pid 1815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1812] <... futex resumed>) = 0 [pid 1809] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1815] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1812] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1805] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... write resumed>) = 524288 [pid 1827] munmap(0x7f0ae48af000, 138412032 [pid 1805] <... futex resumed>) = 0 [pid 1827] <... munmap resumed>) = 0 [pid 1827] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1805] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... openat resumed>) = 4 [pid 1815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1815] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... futex resumed>) = 0 [pid 1812] <... futex resumed>) = 1 [pid 1815] write(4, "#! \n", 4 [pid 1812] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... write resumed>) = 4 [pid 1812] <... futex resumed>) = 0 [pid 1815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1815] <... futex resumed>) = 0 [pid 1812] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1815] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1834]}, 88) = 1834 [pid 1812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1812] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1812] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1834 attached [pid 1834] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1834] write(4, "#! \n", 4) = 4 [pid 1834] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... futex resumed>) = 0 [pid 1812] <... futex resumed>) = 1 [pid 1815] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1812] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... mmap resumed>) = 0x200000000000 [pid 289] <... restart_syscall resumed>) = 0 [pid 1815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1834] <... futex resumed>) = 1 [pid 1834] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1825] <... futex resumed>) = ? [pid 1805] <... futex resumed>) = ? [pid 1825] +++ killed by SIGBUS +++ [pid 1809] +++ killed by SIGBUS +++ [pid 1805] +++ killed by SIGBUS +++ [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1805, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... restart_syscall resumed>) = 0 [ 46.723769][ T1818] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.745252][ T1809] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 291] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1812] <... futex resumed>) = ? [pid 291] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, [pid 1834] <... futex resumed>) = ? [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1815] +++ killed by SIGBUS +++ [pid 1834] +++ killed by SIGBUS +++ [pid 1812] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1812, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1828] <... close resumed>) = 0 [pid 1827] <... openat resumed>) = 4 [pid 1828] mkdir("./file2", 0777 [pid 1827] ioctl(4, LOOP_SET_FD, 3 [pid 1828] <... mkdir resumed>) = 0 [pid 1828] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 287] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./52/file2") = 0 [pid 287] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./52/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./52") = 0 [pid 287] mkdir("./53", 0777) = 0 [ 46.750376][ T1815] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1827] <... ioctl resumed>) = 0 [pid 1827] close(3 [pid 289] <... umount2 resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1827] <... close resumed>) = 0 [pid 1827] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 289] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 291] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./49/file2", [pid 291] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... openat resumed>) = 4 [pid 289] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 291] newfstatat(4, "", [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./49/file2" [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 289] <... rmdir resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./50/file2" [pid 289] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... rmdir resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./49/binderfs", [pid 291] unlink("./50/binderfs") = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] getdents64(3, [pid 289] unlink("./49/binderfs" [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./50" [pid 289] <... unlink resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 289] getdents64(3, [pid 291] mkdir("./51", 0777) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] close(3 [pid 1828] <... mount resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 1828] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1828] chdir("./file2") = 0 [pid 1828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] rmdir("./49") = 0 [pid 289] mkdir("./50", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1827] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1827] mkdir("./file2", 0777) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1827] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1838 ./strace-static-x86_64: Process 1838 attached [pid 1838] set_robust_list(0x555594a056a0, 24) = 0 [pid 1838] chdir("./53") = 0 [pid 1838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1838] setpgid(0, 0) = 0 [pid 1838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1838] write(3, "1000", 4) = 4 [pid 1838] close(3) = 0 [pid 1838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1838] write(1, "executing program\n", 18executing program ) = 18 [pid 1838] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1838] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1838] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1839]}, 88) = 1839 ./strace-static-x86_64: Process 1839 attached [pid 1838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1839] set_robust_list(0x7f0aecccf9a0, 24 [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... set_robust_list resumed>) = 0 [pid 1838] <... futex resumed>) = 0 [pid 1839] rt_sigprocmask(SIG_SETMASK, [], [pid 1838] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1839] memfd_create("syzkaller", 0) = 3 [pid 1839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1839] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1828] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 1828] ioctl(4, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 1828] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1828] close(4 [pid 291] close(3 [pid 289] close(3 [pid 1828] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 1839] <... openat resumed>) = 4 [pid 1828] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1828] <... futex resumed>) = 1 [pid 1823] <... futex resumed>) = 0 [pid 1839] ioctl(4, LOOP_SET_FD, 3 [pid 1823] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1823] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1842 attached ./strace-static-x86_64: Process 1840 attached [pid 1839] <... ioctl resumed>) = 0 [pid 1828] <... openat resumed>) = 4 [pid 1827] <... mount resumed>) = 0 [pid 1823] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1840 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1842 [pid 1842] set_robust_list(0x555594a056a0, 24 [pid 1840] set_robust_list(0x555594a056a0, 24 [pid 1828] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1842] <... set_robust_list resumed>) = 0 [pid 1840] <... set_robust_list resumed>) = 0 [pid 1828] <... futex resumed>) = 0 [pid 1827] <... openat resumed>) = 3 [pid 1823] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] chdir("./50" [pid 1840] chdir("./51" [pid 1839] close(3 [pid 1828] write(4, "#! \n", 4 [pid 1827] chdir("./file2" [pid 1823] <... futex resumed>) = 0 [pid 1842] <... chdir resumed>) = 0 [pid 1840] <... chdir resumed>) = 0 [pid 1828] <... write resumed>) = 4 [pid 1827] <... chdir resumed>) = 0 [pid 1823] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1828] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1823] <... futex resumed>) = 0 [pid 1842] <... prctl resumed>) = 0 [pid 1840] <... prctl resumed>) = 0 [pid 1828] <... futex resumed>) = 0 [pid 1827] <... openat resumed>) = 4 [pid 1823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1842] setpgid(0, 0 [pid 1840] setpgid(0, 0 [pid 1828] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] ioctl(4, LOOP_CLR_FD [pid 1823] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1842] <... setpgid resumed>) = 0 [pid 1840] <... setpgid resumed>) = 0 [pid 1827] <... ioctl resumed>) = 0 [pid 1823] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1827] close(4 [pid 1823] <... mprotect resumed>) = 0 [pid 1842] <... openat resumed>) = 3 [pid 1840] <... openat resumed>) = 3 [pid 1827] <... close resumed>) = 0 [pid 1823] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1842] write(3, "1000", 4 [pid 1840] write(3, "1000", 4 [pid 1827] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1842] <... write resumed>) = 4 [pid 1840] <... write resumed>) = 4 [pid 1827] <... futex resumed>) = 1 [pid 1824] <... futex resumed>) = 0 [pid 1823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1842] close(3 [pid 1840] close(3 [pid 1827] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1824] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... close resumed>) = 0 [pid 1840] <... close resumed>) = 0 [pid 1827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1824] <... futex resumed>) = 0 [pid 1823] <... clone3 resumed> => {parent_tid=[1845]}, 88) = 1845 [pid 1842] symlink("/dev/binderfs", "./binderfs" [pid 1840] symlink("/dev/binderfs", "./binderfs" [pid 1827] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1824] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1823] rt_sigprocmask(SIG_SETMASK, [], executing program executing program [pid 1842] <... symlink resumed>) = 0 [pid 1840] <... symlink resumed>) = 0 [pid 1839] <... close resumed>) = 0 [pid 1827] <... openat resumed>) = 4 [pid 1823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1842] write(1, "executing program\n", 18 [pid 1840] write(1, "executing program\n", 18 [pid 1839] close(4 [pid 1827] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... write resumed>) = 18 [pid 1840] <... write resumed>) = 18 [pid 1827] <... futex resumed>) = 1 [pid 1824] <... futex resumed>) = 0 [pid 1823] <... futex resumed>) = 0 [pid 1842] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... close resumed>) = 0 [pid 1827] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1824] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 0 [pid 1827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1824] <... futex resumed>) = 0 [pid 1842] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1840] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1827] write(4, "#! \n", 4 [pid 1824] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1840] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1827] <... write resumed>) = 4 [pid 1824] <... futex resumed>) = 0 [pid 1842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1827] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1827] <... futex resumed>) = 0 [pid 1824] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1827] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1824] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1842] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1840] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1824] <... mprotect resumed>) = 0 [pid 1842] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1840] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1842] <... mprotect resumed>) = 0 [pid 1840] <... mprotect resumed>) = 0 [pid 1824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1842] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1839] mkdir("./file2", 0777 [pid 1824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1842] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1839] <... mkdir resumed>) = 0 [pid 1824] <... clone3 resumed> => {parent_tid=[1846]}, 88) = 1846 [pid 1839] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1824] rt_sigprocmask(SIG_SETMASK, [], [pid 1842] <... clone3 resumed> => {parent_tid=[1847]}, 88) = 1847 [pid 1840] <... clone3 resumed> => {parent_tid=[1848]}, 88) = 1848 [pid 1824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1842] rt_sigprocmask(SIG_SETMASK, [], [pid 1840] rt_sigprocmask(SIG_SETMASK, [], [pid 1824] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1824] <... futex resumed>) = 0 [pid 1842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 0 [pid 1842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1840] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1845 attached ./strace-static-x86_64: Process 1846 attached [pid 1845] set_robust_list(0x7f0aeccae9a0, 24 [pid 1846] set_robust_list(0x7f0aeccae9a0, 24./strace-static-x86_64: Process 1848 attached ./strace-static-x86_64: Process 1847 attached [pid 1845] <... set_robust_list resumed>) = 0 [pid 1846] <... set_robust_list resumed>) = 0 [pid 1848] set_robust_list(0x7f0aecccf9a0, 24 [pid 1847] set_robust_list(0x7f0aecccf9a0, 24 [pid 1845] rt_sigprocmask(SIG_SETMASK, [], [pid 1846] rt_sigprocmask(SIG_SETMASK, [], [pid 1848] <... set_robust_list resumed>) = 0 [pid 1848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1847] <... set_robust_list resumed>) = 0 [pid 1846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1845] write(4, "#! \n", 4 [pid 1848] memfd_create("syzkaller", 0 [pid 1847] rt_sigprocmask(SIG_SETMASK, [], [pid 1846] write(4, "#! \n", 4 [pid 1848] <... memfd_create resumed>) = 3 [pid 1847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1845] <... write resumed>) = 4 [pid 1846] <... write resumed>) = 4 [pid 1846] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1824] <... futex resumed>) = 0 [pid 1824] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... futex resumed>) = 0 [pid 1824] <... futex resumed>) = 1 [pid 1827] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1824] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1827] <... mmap resumed>) = 0x200000000000 [pid 1827] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1824] <... futex resumed>) = 0 [pid 1827] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1824] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1824] <... futex resumed>) = 0 [pid 1848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1847] memfd_create("syzkaller", 0 [pid 1846] <... futex resumed>) = 1 [pid 1845] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] <... futex resumed>) = 0 [pid 1823] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] <... futex resumed>) = 0 [pid 1823] <... futex resumed>) = 1 [pid 1828] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1823] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... mmap resumed>) = 0x200000000000 [pid 1828] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1823] <... futex resumed>) = 0 [pid 1828] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1823] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1823] <... futex resumed>) = 0 [pid 1848] <... mmap resumed>) = 0x7f0ae48af000 [pid 1847] <... memfd_create resumed>) = 3 [pid 1846] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1845] <... futex resumed>) = 1 [pid 1827] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1824] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1845] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1824] <... futex resumed>) = ? [pid 1846] <... futex resumed>) = ? [pid 1846] +++ killed by SIGBUS +++ [pid 1848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1827] +++ killed by SIGBUS +++ [pid 1824] +++ killed by SIGBUS +++ [pid 1847] <... write resumed>) = 524288 [pid 1848] <... write resumed>) = 524288 [pid 1847] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1848] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1824, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1823] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1845] <... futex resumed>) = ? [pid 1823] <... futex resumed>) = ? [pid 1845] +++ killed by SIGBUS +++ [pid 1828] +++ killed by SIGBUS +++ [pid 1823] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1823, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1848] <... openat resumed>) = 4 [pid 1848] ioctl(4, LOOP_SET_FD, 3 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./50/file2") = 0 [pid 290] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./50/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [ 46.985488][ T1827] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.987588][ T1828] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] close(3) = 0 [pid 290] rmdir("./50") = 0 [pid 290] mkdir("./51", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1850 [pid 1847] <... openat resumed>) = 4 [pid 1847] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1850 attached ) = 0 [pid 1850] set_robust_list(0x555594a056a0, 24 [pid 1839] <... mount resumed>) = 0 [pid 1850] <... set_robust_list resumed>) = 0 [pid 1839] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1847] close(3 [pid 1850] chdir("./51" [pid 1839] <... openat resumed>) = 3 [pid 1847] <... close resumed>) = 0 [pid 1839] chdir("./file2" [pid 1850] <... chdir resumed>) = 0 [pid 1847] close(4 [pid 1839] <... chdir resumed>) = 0 [pid 1850] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1850] <... prctl resumed>) = 0 [pid 1850] setpgid(0, 0) = 0 [pid 1850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1850] write(3, "1000", 4) = 4 [pid 1850] close(3) = 0 [pid 1850] symlink("/dev/binderfs", "./binderfs" [pid 1848] <... ioctl resumed>) = 0 [pid 1850] <... symlink resumed>) = 0 [pid 1848] close(3) = 0 [pid 1848] close(4 executing program [pid 1850] write(1, "executing program\n", 18) = 18 [pid 1850] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1850] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1850] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1854 attached [pid 1854] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1854] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1850] <... clone3 resumed> => {parent_tid=[1854]}, 88) = 1854 [pid 1850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1850] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1854] <... futex resumed>) = 0 [pid 1854] memfd_create("syzkaller", 0) = 3 [pid 1850] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1854] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1854] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1854] close(3) = 0 [pid 1854] close(4) = 0 [pid 1854] mkdir("./file2", 0777) = 0 [pid 1854] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1847] <... close resumed>) = 0 [pid 1847] mkdir("./file2", 0777) = 0 [pid 1847] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1848] <... close resumed>) = 0 [pid 1839] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./49/file2" [pid 1839] ioctl(4, LOOP_CLR_FD [pid 288] <... rmdir resumed>) = 0 [pid 288] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./49/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./49" [pid 1839] <... ioctl resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 1839] close(4 [pid 288] mkdir("./50", 0777 [pid 1839] <... close resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 1839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1839] <... futex resumed>) = 1 [pid 1838] <... futex resumed>) = 0 [pid 1839] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1857 [pid 1839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 1857 attached [pid 1857] set_robust_list(0x555594a056a0, 24) = 0 [pid 1857] chdir("./50") = 0 [pid 1857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1857] setpgid(0, 0) = 0 [pid 1839] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1838] <... futex resumed>) = 0 [pid 1857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1857] write(3, "1000", 4) = 4 [pid 1857] close(3) = 0 [pid 1857] symlink("/dev/binderfs", "./binderfs" [pid 1848] mkdir("./file2", 0777 [pid 1839] <... openat resumed>) = 4 [pid 1838] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1838] <... futex resumed>) = 0 [pid 1839] write(4, "#! \n", 4 [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... write resumed>) = 4 [pid 1838] <... futex resumed>) = 0 [pid 1848] <... mkdir resumed>) = 0 [pid 1839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... futex resumed>) = 0 [pid 1838] <... futex resumed>) = 0 [pid 1839] write(4, "#! \n", 4 [pid 1838] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1839] <... write resumed>) = 4 [pid 1839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1838] <... futex resumed>) = 0 [pid 1839] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1838] <... futex resumed>) = 0 [pid 1839] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1838] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1839] <... mmap resumed>) = 0x200000000000 [pid 1839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1838] <... futex resumed>) = 0 [pid 1839] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1838] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1838] <... futex resumed>) = 0 [pid 1848] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1857] <... symlink resumed>) = 0 executing program [pid 1857] write(1, "executing program\n", 18) = 18 [pid 1857] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1857] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1857] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1839] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1860 attached [pid 1857] <... clone3 resumed> => {parent_tid=[1860]}, 88) = 1860 [pid 1854] <... mount resumed>) = 0 [pid 1839] +++ killed by SIGBUS +++ [pid 1838] +++ killed by SIGBUS +++ [pid 1857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1854] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1838, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1854] <... openat resumed>) = 3 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1854] chdir("./file2" [pid 1860] set_robust_list(0x7f0aecccf9a0, 24 [pid 1854] <... chdir resumed>) = 0 [pid 1860] <... set_robust_list resumed>) = 0 [pid 1854] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1860] memfd_create("syzkaller", 0) = 3 [pid 1860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1860] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 1847] <... mount resumed>) = 0 [pid 287] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1847] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1847] <... openat resumed>) = 3 [pid 1847] chdir("./file2" [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 1847] <... chdir resumed>) = 0 [pid 1847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1860] <... openat resumed>) = 4 [pid 1854] <... openat resumed>) = 4 [pid 1860] ioctl(4, LOOP_SET_FD, 3 [pid 1854] ioctl(4, LOOP_CLR_FD [pid 1847] <... openat resumed>) = 4 [pid 1860] <... ioctl resumed>) = 0 [pid 1847] ioctl(4, LOOP_CLR_FD [pid 1860] close(3) = 0 [ 47.226096][ T1839] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1860] close(4 [pid 1848] <... mount resumed>) = 0 [pid 1848] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1848] chdir("./file2") = 0 [pid 1848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1854] <... ioctl resumed>) = 0 [pid 1854] close(4) = 0 [pid 1854] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1854] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1847] <... ioctl resumed>) = 0 [pid 1847] close(4) = 0 [pid 1847] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] <... futex resumed>) = 0 [pid 1847] <... futex resumed>) = 1 [pid 1842] <... futex resumed>) = 0 [pid 1847] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... futex resumed>) = 0 [pid 1854] <... futex resumed>) = 0 [pid 1850] <... futex resumed>) = 1 [pid 1847] <... openat resumed>) = 4 [pid 1854] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1850] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1854] <... openat resumed>) = 4 [pid 1854] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] <... futex resumed>) = 0 [pid 1854] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1850] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1850] <... futex resumed>) = 0 [pid 1854] write(4, "#! \n", 4 [pid 1850] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1854] <... write resumed>) = 4 [pid 1850] <... futex resumed>) = 0 [pid 1854] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1847] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1854] <... futex resumed>) = 0 [pid 1850] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1847] write(4, "#! \n", 4 [pid 1842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1854] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1850] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1842] <... futex resumed>) = 0 [pid 1850] <... mprotect resumed>) = 0 [pid 1847] <... write resumed>) = 4 [pid 1842] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1842] <... futex resumed>) = 0 [pid 1850] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1847] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1847] <... futex resumed>) = 0 [pid 1842] <... mmap resumed>) = 0x7f0aecc8e000 ./strace-static-x86_64: Process 1866 attached [pid 1850] <... clone3 resumed> => {parent_tid=[1866]}, 88) = 1866 [pid 1850] rt_sigprocmask(SIG_SETMASK, [], [pid 1847] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1842] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1850] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1850] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1866] rt_sigprocmask(SIG_SETMASK, [], [pid 1842] <... mprotect resumed>) = 0 [pid 1866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1866] write(4, "#! \n", 4) = 4 [pid 1866] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] <... futex resumed>) = 0 [pid 1850] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1854] <... futex resumed>) = 0 [pid 1850] <... futex resumed>) = 1 [pid 1854] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1850] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1854] <... mmap resumed>) = 0x200000000000 [pid 1842] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1854] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] <... futex resumed>) = 0 [pid 1854] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1850] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1850] <... futex resumed>) = 0 [pid 1866] <... futex resumed>) = 1 [pid 1842] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1867]}, 88) = 1867 [pid 1842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1842] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1842] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1850] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1867 attached [pid 1867] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1867] write(4, "#! \n", 4) = 4 [pid 1867] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... futex resumed>) = 0 [pid 1842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 1 [pid 1847] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... mmap resumed>) = 0x200000000000 [pid 1847] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1842] <... futex resumed>) = 0 [pid 1847] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1842] <... futex resumed>) = 0 [pid 1867] <... futex resumed>) = 1 [pid 1854] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1866] <... futex resumed>) = ? [pid 1850] <... futex resumed>) = ? [pid 1867] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1866] +++ killed by SIGBUS +++ [pid 1854] +++ killed by SIGBUS +++ [pid 1850] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1850, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1847] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1842] <... futex resumed>) = ? [pid 1867] <... futex resumed>) = ? [pid 1867] +++ killed by SIGBUS +++ [pid 1847] +++ killed by SIGBUS +++ [pid 1842] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1842, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1860] <... close resumed>) = 0 [pid 1860] mkdir("./file2", 0777) = 0 [pid 1848] <... openat resumed>) = 4 [pid 1860] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./53/file2") = 0 [pid 287] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./53/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./53") = 0 [pid 287] mkdir("./54", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1848] ioctl(4, LOOP_CLR_FD [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1848] <... ioctl resumed>) = 0 [pid 287] close(3) = 0 [pid 1848] close(4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1848] <... close resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 1868 attached [pid 1848] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1868 [pid 1868] set_robust_list(0x555594a056a0, 24 [pid 1848] <... futex resumed>) = 1 [pid 1840] <... futex resumed>) = 0 [pid 1868] <... set_robust_list resumed>) = 0 [pid 1848] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1840] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1868] chdir("./54" [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1840] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1868] <... chdir resumed>) = 0 [pid 1848] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program [pid 1840] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] <... openat resumed>) = 3 [pid 1868] <... prctl resumed>) = 0 [pid 289] newfstatat(3, "", [pid 1868] setpgid(0, 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1848] <... openat resumed>) = 4 [pid 1868] <... setpgid resumed>) = 0 [pid 289] getdents64(3, [pid 1868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1848] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1868] <... openat resumed>) = 3 [pid 1848] <... futex resumed>) = 1 [pid 1840] <... futex resumed>) = 0 [pid 289] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1868] write(3, "1000", 4 [pid 1848] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1840] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... write resumed>) = 4 [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1840] <... futex resumed>) = 0 [pid 1868] close(3) = 0 [pid 1868] symlink("/dev/binderfs", "./binderfs" [pid 1848] write(4, "#! \n", 4 [pid 1840] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... symlink resumed>) = 0 [pid 1868] write(1, "executing program\n", 18) = 18 [pid 1868] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1860] <... mount resumed>) = 0 [pid 1840] <... futex resumed>) = 0 [pid 1868] <... futex resumed>) = 0 [pid 1848] <... write resumed>) = 4 [pid 1840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1868] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1848] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1868] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1840] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1860] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1848] <... futex resumed>) = 0 [pid 1840] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1860] <... openat resumed>) = 3 [pid 1848] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1840] <... mprotect resumed>) = 0 [pid 1860] chdir("./file2" [pid 1868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1860] <... chdir resumed>) = 0 [pid 1840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1868] <... clone3 resumed> => {parent_tid=[1871]}, 88) = 1871 [pid 1860] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1840] <... clone3 resumed> => {parent_tid=[1872]}, 88) = 1872 [pid 1868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] rt_sigprocmask(SIG_SETMASK, [], [pid 1868] <... futex resumed>) = 0 [pid 1840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1840] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1840] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1872 attached [pid 1872] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1872] write(4, "#! \n", 4) = 4 [pid 1872] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] <... futex resumed>) = 0 [pid 1840] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 1 [pid 1848] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1840] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1871 attached [pid 1871] set_robust_list(0x7f0aecccf9a0, 24 [pid 1872] <... futex resumed>) = 1 [pid 1848] <... mmap resumed>) = 0x200000000000 [pid 1848] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1840] <... futex resumed>) = 0 [ 47.315565][ T1854] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 47.327603][ T1847] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1872] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1871] <... set_robust_list resumed>) = 0 [pid 1840] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1871] memfd_create("syzkaller", 0) = 3 [pid 1871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1871] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1840] <... futex resumed>) = 0 [pid 1840] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1848] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1840] <... futex resumed>) = ? [pid 1872] <... futex resumed>) = ? [pid 1872] +++ killed by SIGBUS +++ [pid 1848] +++ killed by SIGBUS +++ [pid 1840] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1840, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 47.363421][ T1848] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 47.378521][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 47.378543][ T24] audit: type=1400 audit(1742451843.130:79): avc: denied { remove_name } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [pid 291] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./51/file2") = 0 [pid 290] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./51/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./51") = 0 [pid 290] mkdir("./52", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1871] <... openat resumed>) = 4 [pid 1860] <... openat resumed>) = 4 [pid 1871] ioctl(4, LOOP_SET_FD, 3 [pid 1860] ioctl(4, LOOP_CLR_FD [pid 1871] <... ioctl resumed>) = 0 [pid 1871] close(3) = 0 [pid 1871] close(4 [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1874 ./strace-static-x86_64: Process 1874 attached [pid 1874] set_robust_list(0x555594a056a0, 24) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./50/file2", [pid 1874] chdir("./52" [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1874] <... chdir resumed>) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./50/file2" [pid 1874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 1874] setpgid(0, 0 [pid 289] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1874] <... setpgid resumed>) = 0 [pid 1874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1874] write(3, "1000", 4) = 4 [pid 1874] close(3) = 0 [pid 1874] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1874] write(1, "executing program\n", 18) = 18 [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1874] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1874] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 289] newfstatat(AT_FDCWD, "./50/binderfs", [pid 1874] <... clone3 resumed> => {parent_tid=[1875]}, 88) = 1875 [pid 1874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1875 attached [pid 1875] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1875] memfd_create("syzkaller", 0) = 3 [pid 1875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./50/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./50" [pid 1875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./51", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1875] <... write resumed>) = 524288 [pid 1875] munmap(0x7f0ae48af000, 138412032) = 0 [ 47.406472][ T24] audit: type=1400 audit(1742451843.130:80): avc: denied { rename } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 1875] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1860] <... ioctl resumed>) = 0 [pid 1860] close(4 [pid 1871] <... close resumed>) = 0 [pid 1871] mkdir("./file2", 0777) = 0 [pid 1871] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1860] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 1860] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1857] <... futex resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 1860] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1857] <... futex resumed>) = 0 [pid 289] close(3 [pid 1860] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... close resumed>) = 0 [pid 1860] <... openat resumed>) = 4 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1860] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1857] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 1860] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1876 [pid 1860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1857] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1860] write(4, "#! \n", 4 [pid 1857] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./51/file2", [pid 1860] <... write resumed>) = 4 [pid 1857] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1860] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1860] <... futex resumed>) = 0 [pid 1857] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1860] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1857] <... mprotect resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 1857] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1857] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] getdents64(4, [pid 1857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 1857] <... clone3 resumed> => {parent_tid=[1877]}, 88) = 1877 [pid 291] rmdir("./51/file2"./strace-static-x86_64: Process 1877 attached ./strace-static-x86_64: Process 1876 attached [pid 1857] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... rmdir resumed>) = 0 [pid 291] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./51/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./51") = 0 [pid 1857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] mkdir("./52", 0777 [pid 1857] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... mkdir resumed>) = 0 [pid 1857] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1857] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 1876] set_robust_list(0x555594a056a0, 24 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1879 [pid 1875] <... openat resumed>) = 4 [pid 1876] <... set_robust_list resumed>) = 0 [pid 1875] ioctl(4, LOOP_SET_FD, 3 [pid 1877] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1877] rt_sigprocmask(SIG_SETMASK, [], [pid 1876] chdir("./51") = 0 [pid 1877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1877] write(4, "#! \n", 4) = 4 ./strace-static-x86_64: Process 1879 attached [pid 1877] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1876] setpgid(0, 0) = 0 [pid 1876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1876] write(3, "1000", 4) = 4 [pid 1876] close(3) = 0 [pid 1871] <... mount resumed>) = 0 [pid 1876] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1876] write(1, "executing program\n", 18) = 18 [pid 1879] set_robust_list(0x555594a056a0, 24 [pid 1876] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1857] <... futex resumed>) = 0 [pid 1879] <... set_robust_list resumed>) = 0 [pid 1877] <... futex resumed>) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1871] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] chdir("./52" [pid 1877] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1876] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1871] <... openat resumed>) = 3 [pid 1860] <... futex resumed>) = 0 [pid 1857] <... futex resumed>) = 1 [pid 1879] <... chdir resumed>) = 0 [pid 1876] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1871] chdir("./file2" [pid 1860] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1871] <... chdir resumed>) = 0 [pid 1860] <... mmap resumed>) = 0x200000000000 [pid 1879] <... prctl resumed>) = 0 [pid 1876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1860] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] setpgid(0, 0 [pid 1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1871] <... openat resumed>) = 4 [pid 1860] <... futex resumed>) = 1 [pid 1857] <... futex resumed>) = 0 [pid 1879] <... setpgid resumed>) = 0 [pid 1876] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1871] ioctl(4, LOOP_CLR_FD [pid 1860] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1876] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1871] <... ioctl resumed>) = 0 [pid 1860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1857] <... futex resumed>) = 0 [pid 1879] <... openat resumed>) = 3 [pid 1876] <... mprotect resumed>) = 0 [pid 1875] <... ioctl resumed>) = 0 [pid 1871] close(4 [pid 1879] write(3, "1000", 4 [pid 1876] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1875] close(3 [pid 1871] <... close resumed>) = 0 [pid 1857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] <... write resumed>) = 4 [pid 1876] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1875] <... close resumed>) = 0 [pid 1871] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1860] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1879] close(3 [pid 1876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1875] close(4 [pid 1871] <... futex resumed>) = 1 [pid 1868] <... futex resumed>) = 0 [pid 1857] <... futex resumed>) = 0 [pid 1879] <... close resumed>) = 0 [pid 1877] <... futex resumed>) = ? [pid 1875] <... close resumed>) = 0 [pid 1871] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] symlink("/dev/binderfs", "./binderfs" [pid 1877] +++ killed by SIGBUS +++ [pid 1876] <... clone3 resumed> => {parent_tid=[1882]}, 88) = 1882 [pid 1875] mkdir("./file2", 0777 [pid 1871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1868] <... futex resumed>) = 0 [pid 1879] <... symlink resumed>) = 0 [pid 1876] rt_sigprocmask(SIG_SETMASK, [], [pid 1875] <... mkdir resumed>) = 0 [pid 1871] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 1879] write(1, "executing program\n", 18 [pid 1876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1875] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1871] <... openat resumed>) = 4 [pid 1860] +++ killed by SIGBUS +++ [pid 1857] +++ killed by SIGBUS +++ [pid 1879] <... write resumed>) = 18 [pid 1876] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1868] <... futex resumed>) = 0 [pid 1871] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1868] <... futex resumed>) = 0 [pid 1871] write(4, "#! \n", 4 [pid 1868] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... write resumed>) = 4 [pid 1868] <... futex resumed>) = 0 [pid 1871] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1871] <... futex resumed>) = 0 [pid 1868] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1871] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1883]}, 88) = 1883 [pid 1868] rt_sigprocmask(SIG_SETMASK, [], [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1857, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- ./strace-static-x86_64: Process 1882 attached [pid 1879] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] <... futex resumed>) = 0 [pid 1868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 1882] set_robust_list(0x7f0aecccf9a0, 24 [pid 1879] <... futex resumed>) = 0 [pid 1876] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1868] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1882] <... set_robust_list resumed>) = 0 [pid 1879] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1868] <... futex resumed>) = 0 [pid 1882] rt_sigprocmask(SIG_SETMASK, [], [pid 1879] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1868] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1882] memfd_create("syzkaller", 0 [pid 1879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1882] <... memfd_create resumed>) = 3 [pid 1879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1879] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1882] <... mmap resumed>) = 0x7f0ae48af000 [pid 1879] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1879] <... mprotect resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 1879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 288] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1879] <... clone3 resumed> => {parent_tid=[1885]}, 88) = 1885 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1879] rt_sigprocmask(SIG_SETMASK, [], [pid 288] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1879] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... openat resumed>) = 3 [pid 1879] <... futex resumed>) = 0 [pid 288] newfstatat(3, "", [pid 1879] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1883 attached [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1883] set_robust_list(0x7f0aeccae9a0, 24 [pid 288] getdents64(3, [pid 1883] <... set_robust_list resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1883] rt_sigprocmask(SIG_SETMASK, [], [pid 288] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1883] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1885 attached [pid 1883] write(4, "#! \n", 4 [pid 1885] set_robust_list(0x7f0aecccf9a0, 24 [pid 1883] <... write resumed>) = 4 [pid 1885] <... set_robust_list resumed>) = 0 [pid 1883] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] rt_sigprocmask(SIG_SETMASK, [], [pid 1883] <... futex resumed>) = 1 [pid 1868] <... futex resumed>) = 0 [pid 1885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1883] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] memfd_create("syzkaller", 0 [pid 1875] <... mount resumed>) = 0 [pid 1871] <... futex resumed>) = 0 [pid 1868] <... futex resumed>) = 1 [pid 1885] <... memfd_create resumed>) = 3 [pid 1882] <... write resumed>) = 524288 [pid 1875] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1871] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1875] <... openat resumed>) = 3 [pid 1871] <... mmap resumed>) = 0x200000000000 [pid 1882] munmap(0x7f0ae48af000, 138412032 [ 47.560311][ T1860] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1875] chdir("./file2" [pid 1871] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... mmap resumed>) = 0x7f0ae48af000 [pid 1882] <... munmap resumed>) = 0 [pid 1875] <... chdir resumed>) = 0 [pid 1871] <... futex resumed>) = 1 [pid 1868] <... futex resumed>) = 0 [pid 1882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1875] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1871] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1868] <... futex resumed>) = 0 [pid 1885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1885] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1885] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1871] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1868] <... futex resumed>) = ? [pid 1883] <... futex resumed>) = ? [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./50/file2") = 0 [pid 288] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./50/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./50" [pid 1882] <... openat resumed>) = 4 [pid 288] <... rmdir resumed>) = 0 [pid 1882] ioctl(4, LOOP_SET_FD, 3 [pid 288] mkdir("./51", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1883] +++ killed by SIGBUS +++ [pid 1882] <... ioctl resumed>) = 0 [pid 1871] +++ killed by SIGBUS +++ [pid 1868] +++ killed by SIGBUS +++ [pid 1882] close(3 [pid 1875] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 3 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1868, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1875] ioctl(4, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1882] <... close resumed>) = 0 [pid 1875] <... ioctl resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1882] close(4 [pid 1875] close(4 [pid 288] close(3 [pid 1882] <... close resumed>) = 0 [pid 1875] <... close resumed>) = 0 [pid 1882] mkdir("./file2", 0777 [pid 288] <... close resumed>) = 0 [pid 1875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... openat resumed>) = 4 [pid 1885] ioctl(4, LOOP_SET_FD, 3 [pid 1875] <... futex resumed>) = 1 [pid 1874] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1882] <... mkdir resumed>) = 0 [pid 1875] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1889 attached [pid 1882] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1889 [pid 1875] <... openat resumed>) = 4 [pid 287] <... restart_syscall resumed>) = 0 [pid 1875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1874] <... futex resumed>) = 0 [pid 1875] write(4, "#! \n", 4 [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1875] <... write resumed>) = 4 [pid 1874] <... futex resumed>) = 0 [pid 287] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1875] <... futex resumed>) = 0 [pid 1874] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1875] write(4, "#! \n", 4 [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1875] <... write resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 1875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1874] <... futex resumed>) = 0 [pid 287] newfstatat(3, "", [pid 1875] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1874] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1875] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(3, [pid 1875] <... mmap resumed>) = 0x200000000000 [pid 1875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1875] <... futex resumed>) = 1 [pid 1874] <... futex resumed>) = 0 [pid 1875] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1889] set_robust_list(0x555594a056a0, 24 [pid 1885] <... ioctl resumed>) = 0 [pid 1875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1874] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] close(3) = 0 [pid 1885] close(4 [pid 1889] <... set_robust_list resumed>) = 0 [pid 1889] chdir("./51") = 0 [pid 1889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1874] <... futex resumed>) = 0 [pid 1889] <... prctl resumed>) = 0 [pid 1889] setpgid(0, 0) = 0 [pid 1889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1889] write(3, "1000", 4) = 4 [pid 1889] close(3) = 0 [pid 1889] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1889] write(1, "executing program\n", 18) = 18 [pid 1889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1889] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1889] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1890]}, 88) = 1890 [pid 1889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1889] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1889] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1874] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1890 attached [pid 1890] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1890] memfd_create("syzkaller", 0) = 3 [pid 1890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1890] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1875] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1874] <... futex resumed>) = ? [pid 1875] +++ killed by SIGBUS +++ [pid 1874] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1874, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1885] <... close resumed>) = 0 [pid 1885] mkdir("./file2", 0777) = 0 [pid 1885] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1890] <... openat resumed>) = 4 [pid 1890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 287] <... umount2 resumed>) = 0 [ 47.602703][ T1871] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 47.635625][ T1875] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./52/file2", [pid 287] newfstatat(AT_FDCWD, "./54/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 290] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4 [pid 287] close(4 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] rmdir("./52/file2" [pid 287] rmdir("./54/file2" [pid 290] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 1890] close(3 [pid 290] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1890] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1890] close(4 [pid 290] newfstatat(AT_FDCWD, "./52/binderfs", [pid 287] newfstatat(AT_FDCWD, "./54/binderfs", [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./52/binderfs" [pid 287] unlink("./54/binderfs") = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 290] getdents64(3, [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3 [pid 287] close(3 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./54" [pid 1882] <... mount resumed>) = 0 [pid 290] rmdir("./52" [pid 287] <... rmdir resumed>) = 0 [pid 1882] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 287] mkdir("./55", 0777 [pid 290] <... rmdir resumed>) = 0 [pid 1882] chdir("./file2") = 0 [pid 1882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] mkdir("./53", 0777) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1885] <... mount resumed>) = 0 [pid 1885] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1885] chdir("./file2") = 0 [pid 1885] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 1890] <... close resumed>) = 0 [pid 1885] <... openat resumed>) = 4 [pid 1882] <... openat resumed>) = 4 [pid 1890] mkdir("./file2", 0777 [pid 1882] ioctl(4, LOOP_CLR_FD [pid 1890] <... mkdir resumed>) = 0 [pid 1885] ioctl(4, LOOP_CLR_FD [pid 1890] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 1882] <... ioctl resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1896 ./strace-static-x86_64: Process 1896 attached [pid 1896] set_robust_list(0x555594a056a0, 24) = 0 [pid 1896] chdir("./55") = 0 [pid 1896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1896] setpgid(0, 0) = 0 [pid 1896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1896] write(3, "1000", 4 [pid 290] close(3 [pid 1882] close(4 [pid 1896] <... write resumed>) = 4 [pid 1896] close(3 [pid 1882] <... close resumed>) = 0 [pid 1896] <... close resumed>) = 0 [pid 1896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1896] write(1, "executing program\n", 18) = 18 [pid 1896] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1896] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1897]}, 88) = 1897 [pid 1896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1896] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1897 attached [pid 1897] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1897] memfd_create("syzkaller", 0) = 3 [pid 1897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1882] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] munmap(0x7f0ae48af000, 138412032 [pid 1882] <... futex resumed>) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1897] <... munmap resumed>) = 0 [pid 1897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1897] ioctl(4, LOOP_SET_FD, 3 [pid 1882] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1876] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1882] <... futex resumed>) = 0 [pid 1876] <... futex resumed>) = 1 [pid 1882] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1876] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... openat resumed>) = 4 [pid 1882] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1882] write(4, "#! \n", 4 [pid 1876] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1882] <... write resumed>) = 4 [pid 1876] <... futex resumed>) = 0 [pid 1882] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1882] <... futex resumed>) = 0 [pid 1876] <... futex resumed>) = 0 [pid 1882] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1876] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1899]}, 88) = 1899 [pid 1876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1876] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1899 attached [pid 1899] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1899] write(4, "#! \n", 4) = 4 [pid 1899] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] <... futex resumed>) = 0 [pid 1876] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1882] <... futex resumed>) = 0 [pid 1876] <... futex resumed>) = 1 [pid 1882] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1876] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... mmap resumed>) = 0x200000000000 [pid 1882] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1899] <... futex resumed>) = 1 [pid 1897] <... ioctl resumed>) = 0 [pid 1876] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] close(3 [pid 1899] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1897] <... close resumed>) = 0 [pid 1897] close(4 [pid 1885] <... ioctl resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 1885] close(4 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1900 [pid 1876] <... futex resumed>) = 0 [pid 1876] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1885] <... close resumed>) = 0 [pid 1885] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] <... futex resumed>) = 0 [pid 1885] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1879] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1879] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1900 attached [pid 1900] set_robust_list(0x555594a056a0, 24) = 0 [pid 1900] chdir("./53") = 0 [pid 1900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1900] setpgid(0, 0) = 0 [pid 1900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1900] write(3, "1000", 4) = 4 [pid 1900] close(3) = 0 [pid 1900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1900] write(1, "executing program\n", 18executing program ) = 18 [pid 1900] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1885] <... openat resumed>) = 4 [pid 1885] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] <... futex resumed>) = 0 [pid 1885] write(4, "#! \n", 4 [pid 1879] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... write resumed>) = 4 [pid 1879] <... futex resumed>) = 0 [pid 1885] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... futex resumed>) = 0 [pid 1879] <... futex resumed>) = 0 [pid 1885] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1876] <... futex resumed>) = ? [pid 1890] <... mount resumed>) = 0 [pid 1879] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1900] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1890] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1900] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1899] <... futex resumed>) = ? [pid 1879] <... mprotect resumed>) = 0 [pid 1890] <... openat resumed>) = 3 [pid 1890] chdir("./file2") = 0 [pid 1890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1879] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1900] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1879] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1904]}, 88) = 1904 [pid 1900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1900] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1900] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1903 attached [pid 1903] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1903] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1904 attached [pid 1904] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1904] memfd_create("syzkaller", 0 [pid 1879] <... clone3 resumed> => {parent_tid=[1903]}, 88) = 1903 [pid 1879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1879] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1903] <... futex resumed>) = 0 [pid 1879] <... futex resumed>) = 1 [pid 1903] write(4, "#! \n", 4) = 4 [pid 1879] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1903] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] <... futex resumed>) = 0 [pid 1879] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... futex resumed>) = 0 [pid 1879] <... futex resumed>) = 1 [pid 1885] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1879] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1885] <... mmap resumed>) = 0x200000000000 [pid 1899] +++ killed by SIGBUS +++ [pid 1885] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] <... futex resumed>) = 0 [pid 1885] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1879] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1879] <... futex resumed>) = 0 [pid 1903] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1904] <... memfd_create resumed>) = 3 [pid 1882] +++ killed by SIGBUS +++ [pid 1879] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1876] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1876, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1904] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1904] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1885] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1903] <... futex resumed>) = ? [pid 1879] <... futex resumed>) = ? [pid 1903] +++ killed by SIGBUS +++ [pid 1885] +++ killed by SIGBUS +++ [pid 1879] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1879, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1897] <... close resumed>) = 0 [pid 1904] <... openat resumed>) = 4 [pid 1897] mkdir("./file2", 0777 [pid 1890] <... openat resumed>) = 4 [pid 291] <... restart_syscall resumed>) = 0 [pid 1897] <... mkdir resumed>) = 0 [pid 1890] ioctl(4, LOOP_CLR_FD [pid 1897] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1904] ioctl(4, LOOP_SET_FD, 3 [pid 291] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1890] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 1890] close(4 [pid 289] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1890] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1890] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 1890] <... futex resumed>) = 1 [pid 1889] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1889] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1890] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1889] <... futex resumed>) = 0 [pid 1889] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 1890] <... openat resumed>) = 4 [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./51/file2" [pid 1890] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... rmdir resumed>) = 0 [pid 1890] <... futex resumed>) = 1 [pid 1889] <... futex resumed>) = 0 [pid 289] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1889] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1890] write(4, "#! \n", 4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1889] <... futex resumed>) = 0 [pid 1889] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./51/binderfs", [pid 1890] <... write resumed>) = 4 [pid 1889] <... futex resumed>) = 0 [pid 1890] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1890] <... futex resumed>) = 0 [pid 1890] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1889] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1889] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] unlink("./51/binderfs" [pid 1889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 1889] <... clone3 resumed> => {parent_tid=[1905]}, 88) = 1905 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] close(3 [pid 1889] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] <... close resumed>) = 0 [pid 1889] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] rmdir("./51") = 0 [pid 289] mkdir("./52", 0777./strace-static-x86_64: Process 1905 attached [pid 1905] set_robust_list(0x7f0aeccae9a0, 24 [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1905] <... set_robust_list resumed>) = 0 [pid 1905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1905] write(4, "#! \n", 4) = 4 [pid 1905] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1889] <... futex resumed>) = 0 [pid 1905] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1889] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1890] <... futex resumed>) = 0 [pid 1889] <... futex resumed>) = 1 [pid 1890] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1889] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1890] <... mmap resumed>) = 0x200000000000 [pid 1890] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1889] <... futex resumed>) = 0 [pid 1890] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1889] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1889] <... futex resumed>) = 0 [ 47.800900][ T1882] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 47.821854][ T1885] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1889] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... mount resumed>) = 0 [pid 1897] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1897] chdir("./file2") = 0 [pid 1897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1890] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1905] <... futex resumed>) = ? [pid 1889] <... futex resumed>) = ? [pid 1905] +++ killed by SIGBUS +++ [pid 1890] +++ killed by SIGBUS +++ [pid 1889] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1889, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1904] <... ioctl resumed>) = 0 [pid 1904] close(3) = 0 [ 47.877726][ T1890] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1904] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 1904] <... close resumed>) = 0 [pid 1897] <... openat resumed>) = 4 [pid 291] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(3 [pid 288] <... umount2 resumed>) = 0 [pid 1904] mkdir("./file2", 0777 [pid 289] <... close resumed>) = 0 [pid 1897] ioctl(4, LOOP_CLR_FD [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1904] <... mkdir resumed>) = 0 [pid 1897] <... ioctl resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./52/file2", [pid 1897] close(4 [pid 1904] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1909 [pid 1897] <... close resumed>) = 0 [pid 291] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1897] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1897] <... futex resumed>) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1897] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1896] <... futex resumed>) = 0 [pid 1897] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1896] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 4 [pid 1897] <... openat resumed>) = 4 [pid 1897] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 288] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1897] <... futex resumed>) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1897] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1896] <... futex resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./51/file2", [pid 1897] write(4, "#! \n", 4 [pid 1896] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 1897] <... write resumed>) = 4 [pid 1896] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1897] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1897] <... futex resumed>) = 0 [pid 1896] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] getdents64(4, [pid 1897] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1896] <... mprotect resumed>) = 0 [pid 291] close(4 [pid 1896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... close resumed>) = 0 [pid 1896] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] rmdir("./52/file2" [pid 1896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... rmdir resumed>) = 0 [pid 291] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1896] <... clone3 resumed> => {parent_tid=[1910]}, 88) = 1910 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1896] rt_sigprocmask(SIG_SETMASK, [], [pid 291] newfstatat(AT_FDCWD, "./52/binderfs", [pid 1896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1896] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] unlink("./52/binderfs" [pid 1896] <... futex resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 1896] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(3, [pid 288] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3 [pid 288] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./52") = 0 [pid 291] mkdir("./53", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 1910 attached ) = -1 ENXIO (No such device or address) [pid 288] newfstatat(4, "", [pid 291] close(3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1911 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 ./strace-static-x86_64: Process 1909 attached [pid 1909] set_robust_list(0x555594a056a0, 24 [pid 288] rmdir("./51/file2" [pid 1910] set_robust_list(0x7f0aeccae9a0, 24 [pid 1909] <... set_robust_list resumed>) = 0 [pid 1909] chdir("./52" [pid 288] <... rmdir resumed>) = 0 [pid 1910] <... set_robust_list resumed>) = 0 [pid 288] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1910] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1909] <... chdir resumed>) = 0 [pid 1909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1909] setpgid(0, 0) = 0 [pid 1909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1909] write(3, "1000", 4) = 4 [pid 1909] close(3) = 0 [pid 1909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1909] write(1, "executing program\n", 18executing program ) = 18 [pid 1909] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1909] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] newfstatat(AT_FDCWD, "./51/binderfs", [pid 1909] <... rt_sigaction resumed>NULL, 8) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1910] write(4, "#! \n", 4 [pid 288] unlink("./51/binderfs" [pid 1909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 288] <... unlink resumed>) = 0 [pid 1910] <... write resumed>) = 4 [pid 1910] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] getdents64(3, [pid 1910] <... futex resumed>) = 1 [pid 1909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1896] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1910] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(3 [pid 1897] <... futex resumed>) = 0 [pid 1896] <... futex resumed>) = 1 [pid 1897] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1896] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... close resumed>) = 0 [pid 1897] <... mmap resumed>) = 0x200000000000 [pid 1909] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1897] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] rmdir("./51" [pid 1897] <... futex resumed>) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1909] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1896] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... rmdir resumed>) = 0 [pid 1909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1912]}, 88) = 1912 [pid 1909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1909] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1909] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1911 attached [pid 1911] set_robust_list(0x555594a056a0, 24) = 0 [pid 1911] chdir("./53") = 0 [pid 1911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1911] setpgid(0, 0) = 0 [pid 1911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1911] write(3, "1000", 4executing program ) = 4 [pid 1911] close(3) = 0 [pid 1911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1911] write(1, "executing program\n", 18) = 18 [pid 1911] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1911] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1913]}, 88) = 1913 [pid 1911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1911] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1913 attached [pid 1913] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1913] memfd_create("syzkaller", 0) = 3 [pid 1913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1913] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1913] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1913] ioctl(4, LOOP_SET_FD, 3 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] mkdir("./52", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1912 attached [pid 1912] set_robust_list(0x7f0aecccf9a0, 24 [pid 1913] <... ioctl resumed>) = 0 [pid 1912] <... set_robust_list resumed>) = 0 [pid 1904] <... mount resumed>) = 0 [pid 1897] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1913] close(3) = 0 [pid 1913] close(4) = 0 [pid 1913] mkdir("./file2", 0777) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1917 [pid 1913] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1904] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1904] chdir("./file2") = 0 [pid 1904] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1904] ioctl(4, LOOP_CLR_FD) = 0 [pid 1904] close(4) = 0 [pid 1904] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1900] <... futex resumed>) = 0 [pid 1904] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1900] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1900] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1904] <... openat resumed>) = 4 [pid 1904] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1900] <... futex resumed>) = 0 [pid 1904] write(4, "#! \n", 4 [pid 1900] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... write resumed>) = 4 [pid 1900] <... futex resumed>) = 0 [pid 1904] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1900] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = 0 [pid 1900] <... futex resumed>) = 0 [pid 1904] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1900] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1919]}, 88) = 1919 [pid 1900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1900] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1900] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1919 attached ./strace-static-x86_64: Process 1917 attached [pid 1919] set_robust_list(0x7f0aeccae9a0, 24 [pid 1917] set_robust_list(0x555594a056a0, 24 [pid 1910] <... futex resumed>) = ? [pid 1896] <... futex resumed>) = ? [pid 1912] rt_sigprocmask(SIG_SETMASK, [], [pid 1919] <... set_robust_list resumed>) = 0 [pid 1917] <... set_robust_list resumed>) = 0 [pid 1912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1910] +++ killed by SIGBUS +++ [pid 1919] rt_sigprocmask(SIG_SETMASK, [], [pid 1917] chdir("./52" [pid 1919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1917] <... chdir resumed>) = 0 [pid 1912] memfd_create("syzkaller", 0 [pid 1919] write(4, "#! \n", 4) = 4 [pid 1917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1912] <... memfd_create resumed>) = 3 [pid 1897] +++ killed by SIGBUS +++ [pid 1896] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1896, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1919] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1913] <... mount resumed>) = 0 [pid 1913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1913] chdir("./file2") = 0 [pid 1913] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1913] ioctl(4, LOOP_CLR_FD) = 0 [pid 1913] close(4) = 0 [pid 1913] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1911] <... futex resumed>) = 0 [pid 1913] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1911] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1919] <... futex resumed>) = 1 [pid 1900] <... futex resumed>) = 0 [pid 1919] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1917] <... prctl resumed>) = 0 [pid 1913] <... openat resumed>) = 4 [pid 1912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1911] <... futex resumed>) = 0 [pid 1900] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1917] setpgid(0, 0 [pid 1913] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] <... mmap resumed>) = 0x7f0ae48af000 [pid 1911] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1904] <... futex resumed>) = 0 [pid 1900] <... futex resumed>) = 1 [pid 1917] <... setpgid resumed>) = 0 [pid 1913] <... futex resumed>) = 0 [pid 1911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1904] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1900] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1913] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1911] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... mmap resumed>) = 0x200000000000 [pid 1917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1911] <... futex resumed>) = 0 [pid 1904] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1913] write(4, "#! \n", 4 [pid 1911] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = 1 [pid 1900] <... futex resumed>) = 0 [pid 1913] <... write resumed>) = 4 [pid 1911] <... futex resumed>) = 0 [pid 1904] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1900] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1913] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 47.977559][ T1897] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 1904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1900] <... futex resumed>) = 0 [pid 1917] <... openat resumed>) = 3 [pid 1913] <... futex resumed>) = 0 [pid 1912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1911] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1917] write(3, "1000", 4) = 4 [pid 1917] close(3) = 0 [pid 1917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1917] write(1, "executing program\n", 18 [pid 1912] <... write resumed>) = 524288 [pid 1917] <... write resumed>) = 18 [pid 1917] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1917] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1921]}, 88) = 1921 [pid 1917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1917] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1912] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1912] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1912] ioctl(4, LOOP_SET_FD, 3 [pid 1900] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1913] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1911] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1923]}, 88) = 1923 [pid 1911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1911] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1921 attached [pid 1921] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1921] memfd_create("syzkaller", 0) = 3 [pid 1921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 1923 attached [pid 1921] <... write resumed>) = 524288 [pid 1912] <... ioctl resumed>) = 0 [pid 1904] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1923] set_robust_list(0x7f0aeccae9a0, 24 [pid 287] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1923] <... set_robust_list resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1923] rt_sigprocmask(SIG_SETMASK, [], [pid 287] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... openat resumed>) = 3 [pid 1923] write(4, "#! \n", 4 [pid 287] newfstatat(3, "", [pid 1912] close(3 [pid 1923] <... write resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1923] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(3, [pid 1923] <... futex resumed>) = 1 [pid 1912] <... close resumed>) = 0 [pid 1911] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1923] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1912] close(4 [pid 1911] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1913] <... futex resumed>) = 0 [pid 1912] <... close resumed>) = 0 [pid 1911] <... futex resumed>) = 1 [pid 1921] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1900] <... futex resumed>) = ? [pid 1919] <... futex resumed>) = ? [pid 1921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1913] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1912] mkdir("./file2", 0777 [pid 1911] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1921] <... openat resumed>) = 4 [pid 1921] ioctl(4, LOOP_SET_FD, 3 [pid 1913] <... mmap resumed>) = 0x200000000000 [pid 1919] +++ killed by SIGBUS +++ [pid 1913] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1911] <... futex resumed>) = 0 [pid 1904] +++ killed by SIGBUS +++ [pid 1900] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1900, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 1911] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1921] <... ioctl resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 1911] <... futex resumed>) = 0 [pid 1911] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1912] <... mkdir resumed>) = 0 [pid 290] getdents64(3, [pid 1913] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1912] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1923] <... futex resumed>) = ? [pid 1921] close(3 [pid 1911] <... futex resumed>) = ? [pid 290] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1923] +++ killed by SIGBUS +++ [pid 1921] <... close resumed>) = 0 [pid 1921] close(4 [pid 1913] +++ killed by SIGBUS +++ [pid 1911] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1911, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./55/file2") = 0 [pid 287] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./55/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./55") = 0 [pid 287] mkdir("./56", 0777) = 0 [ 48.020069][ T1904] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.041181][ T1913] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1921] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 1921] mkdir("./file2", 0777 [pid 291] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 1921] <... mkdir resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1921] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] newfstatat(AT_FDCWD, "./53/file2", [pid 290] newfstatat(AT_FDCWD, "./53/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] newfstatat(4, "", [pid 290] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 290] close(4 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 291] rmdir("./53/file2" [pid 290] rmdir("./53/file2" [pid 291] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 291] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./53/binderfs", [pid 290] newfstatat(AT_FDCWD, "./53/binderfs", [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./53/binderfs" [pid 290] unlink("./53/binderfs"./strace-static-x86_64: Process 1927 attached [pid 291] <... unlink resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1927 [pid 291] getdents64(3, [pid 290] getdents64(3, [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3 [pid 290] close(3 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 291] rmdir("./53" [pid 290] rmdir("./53" [pid 291] <... rmdir resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 291] mkdir("./54", 0777 [pid 290] mkdir("./54", 0777 [pid 1927] set_robust_list(0x555594a056a0, 24 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1927] <... set_robust_list resumed>) = 0 [pid 1927] chdir("./56") = 0 [pid 1927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1927] setpgid(0, 0) = 0 [pid 1927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1927] write(3, "1000", 4) = 4 [pid 1927] close(3) = 0 [pid 1927] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1927] write(1, "executing program\n", 18) = 18 [pid 1927] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1927] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1927] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1929 attached => {parent_tid=[1929]}, 88) = 1929 [pid 1929] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1929] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1927] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1929] <... futex resumed>) = 0 [pid 1929] memfd_create("syzkaller", 0) = 3 [pid 1929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1927] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1929] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1912] <... mount resumed>) = 0 [pid 1912] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1912] chdir("./file2") = 0 [pid 1912] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 1912] ioctl(4, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 1912] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1912] close(4 [pid 291] close(3 [pid 290] close(3 [pid 1912] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 1912] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1912] <... futex resumed>) = 1 [pid 1909] <... futex resumed>) = 0 [pid 1912] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1909] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1930 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1931 [pid 1909] <... futex resumed>) = 0 [pid 1909] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... openat resumed>) = 4 [pid 1929] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1930 attached ./strace-static-x86_64: Process 1931 attached [pid 1931] set_robust_list(0x555594a056a0, 24 [pid 1930] set_robust_list(0x555594a056a0, 24 [pid 1912] <... openat resumed>) = 4 [pid 1912] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1909] <... futex resumed>) = 0 [pid 1912] write(4, "#! \n", 4 [pid 1909] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] <... write resumed>) = 4 [pid 1909] <... futex resumed>) = 0 [pid 1912] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] <... futex resumed>) = 0 [pid 1909] <... futex resumed>) = 0 [pid 1912] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1909] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1933]}, 88) = 1933 [pid 1909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1931] <... set_robust_list resumed>) = 0 [pid 1930] <... set_robust_list resumed>) = 0 [pid 1930] chdir("./54" [pid 1909] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] chdir("./54" [pid 1909] <... futex resumed>) = 0 [pid 1909] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1931] <... chdir resumed>) = 0 [pid 1930] <... chdir resumed>) = 0 [pid 1929] <... ioctl resumed>) = 0 [pid 1929] close(3) = 0 [pid 1929] close(4./strace-static-x86_64: Process 1933 attached [pid 1933] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1933] write(4, "#! \n", 4) = 4 [pid 1933] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1909] <... futex resumed>) = 0 [pid 1909] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] <... futex resumed>) = 0 [pid 1909] <... futex resumed>) = 1 [pid 1912] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1909] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] <... mmap resumed>) = 0x200000000000 [pid 1912] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1909] <... futex resumed>) = 0 [pid 1931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1930] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1909] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1933] <... futex resumed>) = 1 [pid 1931] <... prctl resumed>) = 0 [pid 1930] <... prctl resumed>) = 0 [pid 1909] <... futex resumed>) = 0 [pid 1930] setpgid(0, 0 [pid 1931] setpgid(0, 0 [pid 1930] <... setpgid resumed>) = 0 [pid 1931] <... setpgid resumed>) = 0 [pid 1930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1930] <... openat resumed>) = 3 [pid 1931] <... openat resumed>) = 3 [pid 1931] write(3, "1000", 4 [pid 1930] write(3, "1000", 4 [pid 1931] <... write resumed>) = 4 [pid 1930] <... write resumed>) = 4 [pid 1931] close(3 [pid 1930] close(3 [pid 1931] <... close resumed>) = 0 [pid 1930] <... close resumed>) = 0 [pid 1931] symlink("/dev/binderfs", "./binderfs" [pid 1930] symlink("/dev/binderfs", "./binderfs" [pid 1931] <... symlink resumed>) = 0 [pid 1930] <... symlink resumed>) = 0 executing program [pid 1930] write(1, "executing program\n", 18) = 18 [pid 1930] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 1931] write(1, "executing program\n", 18 [pid 1930] <... futex resumed>) = 0 [pid 1930] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1931] <... write resumed>) = 18 [pid 1930] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1931] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1931] <... futex resumed>) = 0 [pid 1930] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1931] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1930] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1930] <... mprotect resumed>) = 0 [pid 1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1930] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1931] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1930] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1935]}, 88) = 1935 [pid 1930] rt_sigprocmask(SIG_SETMASK, [], [pid 1931] <... clone3 resumed> => {parent_tid=[1934]}, 88) = 1934 [pid 1930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1931] rt_sigprocmask(SIG_SETMASK, [], [pid 1930] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1930] <... futex resumed>) = 0 [pid 1931] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1933] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1909] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1934 attached [pid 1934] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1934] memfd_create("syzkaller", 0) = 3 [pid 1934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1935 attached [pid 1935] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1912] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1933] <... futex resumed>) = ? [pid 1909] <... futex resumed>) = ? [pid 1935] memfd_create("syzkaller", 0 [pid 1933] +++ killed by SIGBUS +++ [pid 1935] <... memfd_create resumed>) = 3 [pid 1935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1912] +++ killed by SIGBUS +++ [pid 1909] +++ killed by SIGBUS +++ [pid 1934] <... write resumed>) = 524288 [pid 1934] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1909, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1921] <... mount resumed>) = 0 [pid 1935] <... write resumed>) = 524288 [pid 1921] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1935] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1935] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1921] <... openat resumed>) = 3 [pid 1921] chdir("./file2") = 0 [pid 1921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1929] <... close resumed>) = 0 [pid 1929] mkdir("./file2", 0777) = 0 [pid 1929] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1921] <... openat resumed>) = 4 [ 48.215198][ T1912] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1921] ioctl(4, LOOP_CLR_FD [pid 1929] <... mount resumed>) = 0 [pid 1929] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1929] chdir("./file2") = 0 [pid 1929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1935] <... openat resumed>) = 4 [pid 1934] <... openat resumed>) = 4 [pid 1929] <... openat resumed>) = 4 [pid 1921] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 1934] ioctl(4, LOOP_SET_FD, 3 [pid 1929] ioctl(4, LOOP_CLR_FD [pid 1921] close(4 [pid 289] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1935] ioctl(4, LOOP_SET_FD, 3 [pid 1934] <... ioctl resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./52/file2", [pid 1934] close(3) = 0 [pid 1934] close(4) = 0 [pid 1929] <... ioctl resumed>) = 0 [pid 1921] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1934] mkdir("./file2", 0777) = 0 [pid 1929] close(4 [pid 1921] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1934] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1921] <... futex resumed>) = 1 [pid 1917] <... futex resumed>) = 0 [pid 1917] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1917] <... futex resumed>) = 0 [pid 1921] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1917] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1921] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 1921] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1921] <... futex resumed>) = 1 [pid 1917] <... futex resumed>) = 0 [pid 289] getdents64(4, [pid 1917] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1917] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1942]}, 88) = 1942 [pid 1917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1917] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1921] write(4, "#! \n", 4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1921] <... write resumed>) = 4 [pid 289] getdents64(4, [pid 1921] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] close(4) = 0 [pid 289] rmdir("./52/file2") = 0 [pid 289] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1935] <... ioctl resumed>) = 0 [pid 1929] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1935] close(3 [pid 1929] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./52/binderfs", [pid 1935] <... close resumed>) = 0 [pid 1929] <... futex resumed>) = 1 [pid 1927] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1935] close(4 [pid 1929] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] unlink("./52/binderfs" [pid 1929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1927] <... futex resumed>) = 0 [pid 1929] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1927] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... unlink resumed>) = 0 [pid 1929] <... openat resumed>) = 4 [pid 289] getdents64(3, [pid 1929] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1929] <... futex resumed>) = 1 [pid 1927] <... futex resumed>) = 0 [pid 1929] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] close(3 [pid 1927] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1927] <... futex resumed>) = 0 [pid 1929] write(4, "#! \n", 4 [pid 289] <... close resumed>) = 0 [pid 1927] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... write resumed>) = 4 [pid 1927] <... futex resumed>) = 0 [pid 289] rmdir("./52" [pid 1929] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1929] <... futex resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 1929] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] mkdir("./53", 0777 [pid 1927] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 1942 attached [pid 1942] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1942] write(4, "#! \n", 4 [pid 289] <... mkdir resumed>) = 0 [pid 1927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1942] <... write resumed>) = 4 [pid 1942] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1917] <... futex resumed>) = 0 [pid 1927] <... clone3 resumed> => {parent_tid=[1943]}, 88) = 1943 [pid 1917] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1927] rt_sigprocmask(SIG_SETMASK, [], [pid 1921] <... futex resumed>) = 0 [pid 1917] <... futex resumed>) = 1 [pid 1927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1921] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1917] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1927] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... mmap resumed>) = 0x200000000000 [pid 1927] <... futex resumed>) = 0 [pid 1921] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1927] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1921] <... futex resumed>) = 1 [pid 1917] <... futex resumed>) = 0 [pid 1921] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1917] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1917] <... futex resumed>) = 0 [pid 1942] <... futex resumed>) = 1 [pid 1942] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1943 attached [pid 1943] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1943] write(4, "#! \n", 4) = 4 [pid 1943] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1917] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1927] <... futex resumed>) = 0 [pid 1927] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1927] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... futex resumed>) = 0 [pid 1929] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 1929] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1927] <... futex resumed>) = 0 [pid 1929] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1927] <... futex resumed>) = 0 [pid 1927] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1921] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1929] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1943] <... futex resumed>) = ? [pid 1942] <... futex resumed>) = ? [pid 1927] <... futex resumed>) = ? [pid 1917] <... futex resumed>) = ? [pid 1942] +++ killed by SIGBUS +++ [pid 1934] <... mount resumed>) = 0 [pid 1921] +++ killed by SIGBUS +++ [pid 1917] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1917, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1943] +++ killed by SIGBUS +++ [pid 1934] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1934] chdir("./file2") = 0 [pid 1934] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 1935] <... close resumed>) = 0 [pid 1929] +++ killed by SIGBUS +++ [pid 1927] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1927, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1946 ./strace-static-x86_64: Process 1946 attached [pid 1946] set_robust_list(0x555594a056a0, 24) = 0 [pid 1946] chdir("./53") = 0 [pid 1946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1946] setpgid(0, 0) = 0 [pid 1946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1946] write(3, "1000", 4) = 4 [pid 1946] close(3) = 0 [pid 1946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1946] write(1, "executing program\n", 18) = 18 [pid 1946] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1946] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1946] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1947]}, 88) = 1947 [pid 1946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1946] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1946] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1947 attached [pid 1947] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1947] memfd_create("syzkaller", 0) = 3 [pid 1947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1935] mkdir("./file2", 0777) = 0 [pid 1935] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... restart_syscall resumed>) = 0 [pid 288] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1947] <... write resumed>) = 524288 [pid 288] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, [pid 287] getdents64(3, [pid 1947] munmap(0x7f0ae48af000, 138412032 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1947] <... munmap resumed>) = 0 [pid 1947] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1934] <... openat resumed>) = 4 [pid 1934] ioctl(4, LOOP_CLR_FD) = 0 [pid 1934] close(4) = 0 [pid 1934] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1931] <... futex resumed>) = 0 [pid 1934] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1931] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1934] <... openat resumed>) = 4 [pid 1931] <... futex resumed>) = 0 [pid 1934] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1934] write(4, "#! \n", 4 [pid 1931] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1934] <... write resumed>) = 4 [pid 1931] <... futex resumed>) = 0 [pid 1934] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1934] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 0 [pid 1934] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1931] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[1948]}, 88) = 1948 [pid 1931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1931] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1931] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... openat resumed>) = 4 [pid 1947] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1948 attached [pid 1948] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1948] write(4, "#! \n", 4) = 4 [pid 1948] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1934] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1934] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1931] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1948] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1934] <... mmap resumed>) = 0x200000000000 [pid 1934] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.329125][ T1921] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.335971][ T1929] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1931] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1931] <... futex resumed>) = ? [pid 1948] <... futex resumed>) = ? [pid 1948] +++ killed by SIGBUS +++ [pid 1934] +++ killed by SIGBUS +++ [pid 1931] +++ killed by SIGBUS +++ [pid 1935] <... mount resumed>) = 0 [pid 1935] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1935] chdir("./file2") = 0 [pid 1935] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1931, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 48.403067][ T1934] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1947] <... ioctl resumed>) = 0 [pid 1947] close(3 [pid 1935] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 1947] <... close resumed>) = 0 [pid 1935] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1947] close(4 [pid 1935] <... ioctl resumed>) = 0 [pid 288] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1935] close(4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./52/file2", [pid 287] newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 288] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] getdents64(4, [pid 288] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 288] <... openat resumed>) = 4 [pid 287] <... close resumed>) = 0 [pid 288] newfstatat(4, "", [pid 287] rmdir("./56/file2" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 287] <... rmdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 287] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] close(4) = 0 [pid 287] newfstatat(AT_FDCWD, "./56/binderfs", [pid 288] rmdir("./52/file2") = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] unlink("./56/binderfs" [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./52/binderfs", [pid 287] <... unlink resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] getdents64(3, [pid 288] unlink("./52/binderfs" [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... unlink resumed>) = 0 [pid 287] close(3 [pid 288] getdents64(3, [pid 287] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 287] rmdir("./56" [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./52" [pid 287] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] mkdir("./57", 0777 [pid 288] mkdir("./53", 0777 [pid 287] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1947] <... close resumed>) = 0 [pid 1935] <... close resumed>) = 0 [pid 1947] mkdir("./file2", 0777 [pid 1935] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... mkdir resumed>) = 0 [pid 1935] <... futex resumed>) = 1 [pid 1930] <... futex resumed>) = 0 [pid 1947] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1935] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1930] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = 0 [pid 1935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1930] <... futex resumed>) = 0 [pid 1935] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1930] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1935] <... openat resumed>) = 4 [pid 290] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1935] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 1935] <... futex resumed>) = 1 [pid 1930] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1935] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1930] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./54/file2", [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 1935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1930] <... futex resumed>) = 0 [pid 1935] write(4, "#! \n", 4 [pid 1930] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1935] <... write resumed>) = 4 [pid 1930] <... futex resumed>) = 0 [pid 1935] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1935] <... futex resumed>) = 0 [pid 1935] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1930] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1930] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1930] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1930] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... openat resumed>) = 4 ./strace-static-x86_64: Process 1952 attached [pid 290] newfstatat(4, "", [pid 1930] <... clone3 resumed> => {parent_tid=[1952]}, 88) = 1952 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1930] rt_sigprocmask(SIG_SETMASK, [], [pid 290] getdents64(4, [pid 1930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1952] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1930] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1930] <... futex resumed>) = 0 [pid 1952] write(4, "#! \n", 4) = 4 [pid 290] getdents64(4, [pid 1930] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1952] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(4 [pid 1952] <... futex resumed>) = 1 [pid 290] <... close resumed>) = 0 [pid 1930] <... futex resumed>) = 0 [pid 290] rmdir("./54/file2" [pid 1930] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1952] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1935] <... futex resumed>) = 0 [pid 1930] <... futex resumed>) = 1 [pid 290] <... rmdir resumed>) = 0 [pid 1935] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1930] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1935] <... mmap resumed>) = 0x200000000000 [pid 290] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1935] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1935] <... futex resumed>) = 1 [pid 1930] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./54/binderfs", [pid 1935] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1930] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1930] <... futex resumed>) = 0 [pid 290] unlink("./54/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./54") = 0 [pid 290] mkdir("./55", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1930] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1935] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1952] <... futex resumed>) = ? [pid 1930] <... futex resumed>) = ? [pid 1952] +++ killed by SIGBUS +++ [pid 1935] +++ killed by SIGBUS +++ [pid 1930] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1930, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 1947] <... mount resumed>) = 0 [pid 1947] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1947] chdir("./file2") = 0 [pid 1947] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1947] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1947] ioctl(4, LOOP_CLR_FD) = 0 [pid 1947] close(4) = 0 [pid 1947] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1946] <... futex resumed>) = 0 [pid 1947] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1946] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... openat resumed>) = 4 [pid 1946] <... futex resumed>) = 0 [pid 1947] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1946] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 0 [pid 1946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1947] write(4, "#! \n", 4 [pid 1946] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... write resumed>) = 4 [pid 1946] <... futex resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] close(3 [pid 287] close(3 [pid 1947] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1946] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... futex resumed>) = 0 [pid 1946] <... futex resumed>) = 0 [pid 1947] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1946] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] close(3 [pid 1946] <... mprotect resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1946] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... close resumed>) = 0 [pid 1946] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1946] <... clone3 resumed> => {parent_tid=[1955]}, 88) = 1955 [pid 1946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1946] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 1956 [pid 1946] <... futex resumed>) = 0 [pid 291] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 1957 [pid 1946] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 1958 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./54/file2"./strace-static-x86_64: Process 1957 attached ) = 0 ./strace-static-x86_64: Process 1958 attached [pid 1958] set_robust_list(0x555594a056a0, 24 [pid 291] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1956 attached ./strace-static-x86_64: Process 1955 attached [pid 1958] <... set_robust_list resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1957] set_robust_list(0x555594a056a0, 24 [pid 291] newfstatat(AT_FDCWD, "./54/binderfs", [pid 1957] <... set_robust_list resumed>) = 0 [pid 1956] set_robust_list(0x555594a056a0, 24 [pid 1955] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1958] chdir("./57" [pid 1956] <... set_robust_list resumed>) = 0 [pid 1955] <... set_robust_list resumed>) = 0 [pid 291] unlink("./54/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 1956] chdir("./53" [pid 1958] <... chdir resumed>) = 0 [pid 1957] chdir("./55" [pid 1955] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(3) = 0 [pid 1956] <... chdir resumed>) = 0 [pid 1955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] rmdir("./54" [pid 1958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1957] <... chdir resumed>) = 0 [pid 1956] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1955] write(4, "#! \n", 4) = 4 [pid 1955] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1946] <... futex resumed>) = 0 [pid 1946] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... futex resumed>) = 0 [pid 1946] <... futex resumed>) = 1 [pid 1947] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1946] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1956] <... prctl resumed>) = 0 [pid 1947] <... mmap resumed>) = 0x200000000000 [pid 291] <... rmdir resumed>) = 0 [pid 1947] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1946] <... futex resumed>) = 0 [pid 291] mkdir("./55", 0777 [pid 1956] setpgid(0, 0 [pid 1947] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1946] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 48.543956][ T1935] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters executing program [pid 1946] <... futex resumed>) = 0 [pid 1958] <... prctl resumed>) = 0 [pid 1957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1956] <... setpgid resumed>) = 0 [pid 1955] <... futex resumed>) = 1 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1956] write(3, "1000", 4) = 4 [pid 1956] close(3) = 0 [pid 1956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1956] write(1, "executing program\n", 18) = 18 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1956] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1956] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1959]}, 88) = 1959 [pid 1956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1955] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] setpgid(0, 0) = 0 [pid 1957] <... prctl resumed>) = 0 [pid 1958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1957] setpgid(0, 0) = 0 [pid 1957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1958] <... openat resumed>) = 3 [pid 1957] <... openat resumed>) = 3 [pid 1958] write(3, "1000", 4) = 4 [pid 1958] close(3 [pid 1957] write(3, "1000", 4 [pid 1958] <... close resumed>) = 0 [pid 1957] <... write resumed>) = 4 [pid 1957] close(3) = 0 [pid 1958] symlink("/dev/binderfs", "./binderfs" [pid 1957] symlink("/dev/binderfs", "./binderfs" [pid 1958] <... symlink resumed>) = 0 [pid 1957] <... symlink resumed>) = 0 [pid 1957] write(1, "executing program\n", 18executing program executing program [pid 1958] write(1, "executing program\n", 18 [pid 1957] <... write resumed>) = 18 [pid 1958] <... write resumed>) = 18 [pid 1957] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1958] <... futex resumed>) = 0 [pid 1957] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1958] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1957] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1958] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1957] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1958] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1957] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1958] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1957] <... mprotect resumed>) = 0 [pid 1958] <... mprotect resumed>) = 0 [pid 1957] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1958] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1957] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1958] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 1957] <... clone3 resumed> => {parent_tid=[1960]}, 88) = 1960 [pid 1958] <... clone3 resumed> => {parent_tid=[1961]}, 88) = 1961 [pid 1957] rt_sigprocmask(SIG_SETMASK, [], [pid 1958] rt_sigprocmask(SIG_SETMASK, [], [pid 1957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1957] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1958] <... futex resumed>) = 0 [pid 1957] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1946] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1959 attached [pid 1959] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1959] memfd_create("syzkaller", 0) = 3 [pid 1959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1961 attached ./strace-static-x86_64: Process 1960 attached [pid 1961] set_robust_list(0x7f0aecccf9a0, 24 [pid 1960] set_robust_list(0x7f0aecccf9a0, 24 [pid 1961] <... set_robust_list resumed>) = 0 [pid 1961] rt_sigprocmask(SIG_SETMASK, [], [pid 1960] <... set_robust_list resumed>) = 0 [pid 1947] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1960] rt_sigprocmask(SIG_SETMASK, [], [pid 1961] memfd_create("syzkaller", 0 [pid 1960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1955] <... futex resumed>) = ? [pid 1946] <... futex resumed>) = ? [pid 1961] <... memfd_create resumed>) = 3 [pid 1961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1960] memfd_create("syzkaller", 0 [pid 1955] +++ killed by SIGBUS +++ [pid 1961] <... mmap resumed>) = 0x7f0ae48af000 [pid 1960] <... memfd_create resumed>) = 3 [pid 1959] <... write resumed>) = 524288 [pid 1959] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1959] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1947] +++ killed by SIGBUS +++ [pid 1946] +++ killed by SIGBUS +++ [pid 1960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1961] <... write resumed>) = 524288 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1946, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1961] munmap(0x7f0ae48af000, 138412032 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 1961] <... munmap resumed>) = 0 [pid 1961] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1960] <... write resumed>) = 524288 [pid 1960] munmap(0x7f0ae48af000, 138412032 [pid 1961] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 1961] ioctl(4, LOOP_SET_FD, 3 [pid 1960] <... munmap resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 1960] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 1961] <... ioctl resumed>) = 0 [pid 1960] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 1961] close(3 [pid 1960] ioctl(4, LOOP_SET_FD, 3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1961] <... close resumed>) = 0 [pid 1961] close(4 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1963 [pid 289] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 1963 attached [pid 1960] <... ioctl resumed>) = 0 [pid 1959] <... openat resumed>) = 4 [pid 289] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", [pid 1960] close(3 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1960] <... close resumed>) = 0 [pid 289] getdents64(3, [pid 1960] close(4 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1959] ioctl(4, LOOP_SET_FD, 3 [pid 1963] set_robust_list(0x555594a056a0, 24) = 0 [pid 1963] chdir("./55") = 0 [pid 1963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1963] setpgid(0, 0) = 0 [pid 1963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1963] write(3, "1000", 4) = 4 [pid 1963] close(3) = 0 [pid 1963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1963] write(1, "executing program\n", 18executing program ) = 18 [pid 1963] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1963] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 1965 attached [pid 1965] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1965] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1963] <... clone3 resumed> => {parent_tid=[1965]}, 88) = 1965 [pid 1963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1963] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1965] <... futex resumed>) = 0 [pid 1961] <... close resumed>) = 0 [pid 1965] memfd_create("syzkaller", 0) = 3 [pid 1965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1965] munmap(0x7f0ae48af000, 138412032 [pid 1961] mkdir("./file2", 0777 [pid 1965] <... munmap resumed>) = 0 [pid 1965] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1961] <... mkdir resumed>) = 0 [pid 1959] <... ioctl resumed>) = 0 [pid 1961] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1959] close(3) = 0 [pid 1959] close(4 [ 48.600109][ T1947] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1963] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1960] <... close resumed>) = 0 [pid 1965] <... openat resumed>) = 4 [pid 1965] ioctl(4, LOOP_SET_FD, 3 [pid 1960] mkdir("./file2", 0777) = 0 [pid 1960] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1961] <... mount resumed>) = 0 [pid 1961] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1961] chdir("./file2") = 0 [pid 1961] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1959] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1959] mkdir("./file2", 0777 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./53/file2" [pid 1959] <... mkdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./53/binderfs" [pid 1959] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./53") = 0 [pid 289] mkdir("./54", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1965] <... ioctl resumed>) = 0 [pid 1965] close(3) = 0 [pid 1965] close(4 [pid 1960] <... mount resumed>) = 0 [pid 1960] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1960] chdir("./file2") = 0 [pid 1960] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1965] <... close resumed>) = 0 [pid 1961] <... openat resumed>) = 4 [pid 1965] mkdir("./file2", 0777 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 1965] <... mkdir resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1965] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1961] ioctl(4, LOOP_CLR_FD [pid 1960] <... openat resumed>) = 4 [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1972 [pid 1961] <... ioctl resumed>) = 0 [pid 1960] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 1972 attached [pid 1961] close(4 [pid 1960] <... ioctl resumed>) = 0 [pid 1961] <... close resumed>) = 0 [pid 1960] close(4 [pid 1961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... close resumed>) = 0 [pid 1961] <... futex resumed>) = 1 [pid 1960] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... futex resumed>) = 0 [pid 1961] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1960] <... futex resumed>) = 1 [pid 1958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1960] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] <... futex resumed>) = 0 [pid 1957] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] set_robust_list(0x555594a056a0, 24 [pid 1961] <... openat resumed>) = 4 [pid 1960] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... set_robust_list resumed>) = 0 [pid 1961] <... futex resumed>) = 1 [pid 1958] <... futex resumed>) = 0 [pid 1958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] write(4, "#! \n", 4 [pid 1960] <... openat resumed>) = 4 [pid 1958] <... futex resumed>) = 0 [pid 1958] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... write resumed>) = 4 [pid 1960] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... futex resumed>) = 0 [pid 1961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... futex resumed>) = 1 [pid 1958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1957] <... futex resumed>) = 0 [pid 1961] <... futex resumed>) = 0 [pid 1960] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1957] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1958] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1957] <... futex resumed>) = 0 [pid 1960] write(4, "#! \n", 4 [pid 1958] <... mprotect resumed>) = 0 [pid 1957] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... write resumed>) = 4 [pid 1958] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1957] <... futex resumed>) = 0 [pid 1960] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1960] <... futex resumed>) = 0 [pid 1958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1957] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1960] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1957] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1958] <... clone3 resumed> => {parent_tid=[1973]}, 88) = 1973 [pid 1957] <... mprotect resumed>) = 0 [pid 1958] rt_sigprocmask(SIG_SETMASK, [], [pid 1957] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1957] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1958] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1958] <... futex resumed>) = 0 [pid 1958] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1957] <... clone3 resumed> => {parent_tid=[1974]}, 88) = 1974 [pid 1957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1957] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] chdir("./54") = 0 [pid 1972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1972] setpgid(0, 0) = 0 [pid 1972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1972] write(3, "1000", 4) = 4 [pid 1972] close(3) = 0 [pid 1972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1972] write(1, "executing program\n", 18executing program ) = 18 [pid 1972] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1972] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1978]}, 88) = 1978 [pid 1972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1972] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1974 attached [pid 1974] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 1974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1974] write(4, "#! \n", 4) = 4 [pid 1974] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... futex resumed>) = 0 [pid 1957] <... futex resumed>) = 1 [pid 1960] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1957] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1960] <... mmap resumed>) = 0x200000000000 [pid 1960] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1957] <... futex resumed>) = 0 [pid 1960] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1957] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1957] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1978 attached ./strace-static-x86_64: Process 1973 attached [pid 1974] <... futex resumed>) = 1 [pid 1959] <... mount resumed>) = 0 [pid 1973] set_robust_list(0x7f0aeccae9a0, 24 [pid 1959] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1973] <... set_robust_list resumed>) = 0 [pid 1959] <... openat resumed>) = 3 [pid 1978] set_robust_list(0x7f0aecccf9a0, 24 [pid 1973] rt_sigprocmask(SIG_SETMASK, [], [pid 1959] chdir("./file2" [pid 1978] <... set_robust_list resumed>) = 0 [pid 1973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1959] <... chdir resumed>) = 0 [pid 1978] rt_sigprocmask(SIG_SETMASK, [], [pid 1973] write(4, "#! \n", 4 [pid 1959] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1974] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1973] <... write resumed>) = 4 [pid 1959] <... openat resumed>) = 4 [pid 1957] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] memfd_create("syzkaller", 0 [pid 1973] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] ioctl(4, LOOP_CLR_FD [pid 1978] <... memfd_create resumed>) = 3 [pid 1973] <... futex resumed>) = 1 [pid 1959] <... ioctl resumed>) = 0 [pid 1978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1973] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1959] close(4 [pid 1978] <... mmap resumed>) = 0x7f0ae48af000 [pid 1959] <... close resumed>) = 0 [pid 1978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... futex resumed>) = 0 [pid 1959] <... futex resumed>) = 1 [pid 1958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1956] <... futex resumed>) = 0 [pid 1961] <... futex resumed>) = 0 [pid 1959] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] <... futex resumed>) = 1 [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1961] <... mmap resumed>) = 0x200000000000 [pid 1959] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1956] <... futex resumed>) = 0 [pid 1961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... openat resumed>) = 4 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1961] <... futex resumed>) = 1 [pid 1959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... futex resumed>) = 0 [pid 1961] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1959] <... futex resumed>) = 0 [pid 1958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1959] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] <... futex resumed>) = 0 [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1959] write(4, "#! \n", 4) = 4 [pid 1959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1959] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1978] <... write resumed>) = 524288 [pid 1978] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1978] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1978] ioctl(4, LOOP_SET_FD, 3 [pid 1960] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1974] <... futex resumed>) = ? [pid 1965] <... mount resumed>) = 0 [pid 1965] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1965] chdir("./file2") = 0 [pid 1965] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... futex resumed>) = 0 [pid 1956] <... futex resumed>) = 1 [pid 1959] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1956] <... futex resumed>) = 0 [pid 1959] write(4, "#! \n", 4 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... write resumed>) = 4 [pid 1959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] <... futex resumed>) = 0 [pid 1959] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1956] <... futex resumed>) = 0 [pid 1959] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1959] <... mmap resumed>) = 0x200000000000 [pid 1959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1956] <... futex resumed>) = 0 [pid 1957] <... futex resumed>) = ? [pid 1956] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1974] +++ killed by SIGBUS +++ [pid 1960] +++ killed by SIGBUS +++ [pid 1957] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1957, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 1961] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1973] <... futex resumed>) = ? [pid 1958] <... futex resumed>) = ? [pid 1973] +++ killed by SIGBUS +++ [pid 1961] +++ killed by SIGBUS +++ [pid 1958] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1958, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1956] <... futex resumed>) = 0 [pid 1956] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] <... ioctl resumed>) = 0 [pid 1978] close(3) = 0 [pid 1978] close(4 [pid 1965] <... openat resumed>) = 4 [pid 1965] ioctl(4, LOOP_CLR_FD) = 0 [pid 1965] close(4) = 0 [pid 1965] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1965] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 290] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [ 48.807098][ T1960] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.831167][ T1961] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1965] <... openat resumed>) = 4 [pid 1965] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] <... futex resumed>) = 0 [pid 1965] write(4, "#! \n", 4 [pid 1963] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... close resumed>) = 0 [pid 1965] <... write resumed>) = 4 [pid 1963] <... futex resumed>) = 0 [pid 1978] mkdir("./file2", 0777 [pid 1965] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1963] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... mkdir resumed>) = 0 [pid 1965] <... futex resumed>) = 0 [pid 1963] <... futex resumed>) = 0 [pid 1959] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1978] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1965] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1956] <... futex resumed>) = ? [pid 1963] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1963] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 1981 attached => {parent_tid=[1981]}, 88) = 1981 [pid 1963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1963] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./55/file2", [pid 287] newfstatat(AT_FDCWD, "./57/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1959] +++ killed by SIGBUS +++ [pid 1956] +++ killed by SIGBUS +++ [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1956, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 290] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 4 [pid 287] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] newfstatat(4, "", [pid 287] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(4, "", [pid 290] getdents64(4, [pid 288] <... restart_syscall resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 290] getdents64(4, [pid 288] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] getdents64(4, [pid 290] close(4 [pid 288] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1981] set_robust_list(0x7f0aeccae9a0, 24 [pid 290] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] close(4 [pid 288] newfstatat(3, "", [pid 1981] <... set_robust_list resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] getdents64(3, [pid 1981] write(4, "#! \n", 4 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 1981] <... write resumed>) = 4 [pid 288] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1981] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1981] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] rmdir("./55/file2" [pid 1978] <... mount resumed>) = 0 [pid 1963] <... futex resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 1963] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1965] <... futex resumed>) = 0 [pid 1963] <... futex resumed>) = 1 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... close resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1963] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] unlink("./55/binderfs" [pid 1978] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1965] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 290] <... unlink resumed>) = 0 [pid 287] rmdir("./57/file2" [pid 1978] <... openat resumed>) = 3 [pid 1965] <... mmap resumed>) = 0x200000000000 [pid 290] getdents64(3, [pid 1965] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3 [pid 1965] <... futex resumed>) = 1 [pid 1963] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 1963] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 48.839103][ T1959] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] rmdir("./55") = 0 [pid 290] mkdir("./56", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1978] chdir("./file2") = 0 [pid 1978] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./57/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./57") = 0 [pid 287] mkdir("./58", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1963] <... futex resumed>) = 0 [pid 1963] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1981] <... futex resumed>) = ? [pid 1963] <... futex resumed>) = ? [pid 1981] +++ killed by SIGBUS +++ [pid 1965] +++ killed by SIGBUS +++ [pid 1963] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1963, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>executing program [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1984 ./strace-static-x86_64: Process 1984 attached [pid 1984] set_robust_list(0x555594a056a0, 24) = 0 [pid 1984] chdir("./58") = 0 [pid 1984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1984] setpgid(0, 0) = 0 [pid 1984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1984] write(3, "1000", 4) = 4 [pid 1984] close(3) = 0 [pid 1984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1984] write(1, "executing program\n", 18) = 18 [pid 1984] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1984] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1985]}, 88) = 1985 [pid 1984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1984] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... restart_syscall resumed>) = 0 [pid 1978] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 1978] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(AT_FDCWD, "./53/file2", [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] getdents64(3, [pid 288] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1985 attached [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1985] set_robust_list(0x7f0aecccf9a0, 24 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 1985] <... set_robust_list resumed>) = 0 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1985] rt_sigprocmask(SIG_SETMASK, [], [pid 288] getdents64(4, [pid 1985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1985] memfd_create("syzkaller", 0) = 3 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./53/file2") = 0 [pid 288] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./53/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 1985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./53") = 0 [pid 288] mkdir("./54", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1985] <... write resumed>) = 524288 [pid 1985] munmap(0x7f0ae48af000, 138412032) = 0 [ 48.887093][ T1965] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1978] <... ioctl resumed>) = 0 [pid 1985] ioctl(4, LOOP_SET_FD, 3 [pid 1978] close(4) = 0 [pid 1978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1978] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] <... futex resumed>) = 0 [pid 1972] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1985] <... ioctl resumed>) = 0 [pid 1985] close(3) = 0 [pid 1985] close(4 [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 1978] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1978] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 291] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1987 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 1988 ./strace-static-x86_64: Process 1988 attached ./strace-static-x86_64: Process 1987 attached [pid 1985] <... close resumed>) = 0 [pid 1978] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./55/file2", [pid 1978] <... futex resumed>) = 1 [pid 1972] <... futex resumed>) = 0 [pid 1978] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1972] <... futex resumed>) = 0 [pid 1978] write(4, "#! \n", 4 [pid 1972] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1988] set_robust_list(0x555594a056a0, 24 [pid 1987] set_robust_list(0x555594a056a0, 24 [pid 1985] mkdir("./file2", 0777 [pid 1978] <... write resumed>) = 4 [pid 1972] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1978] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1978] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1972] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... openat resumed>) = 4 [pid 1972] <... mprotect resumed>) = 0 [pid 291] newfstatat(4, "", [pid 1988] <... set_robust_list resumed>) = 0 [pid 1987] <... set_robust_list resumed>) = 0 [pid 1972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1988] chdir("./56" [pid 1987] chdir("./54" [pid 1985] <... mkdir resumed>) = 0 [pid 1972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] getdents64(4, [pid 1988] <... chdir resumed>) = 0 [pid 1987] <... chdir resumed>) = 0 [pid 1985] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1987] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 1988] <... prctl resumed>) = 0 [pid 1987] <... prctl resumed>) = 0 [pid 1972] <... clone3 resumed> => {parent_tid=[1989]}, 88) = 1989 [pid 291] getdents64(4, [pid 1972] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 1988] setpgid(0, 0 [pid 1987] setpgid(0, 0 [pid 1972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] close(4 [pid 1988] <... setpgid resumed>) = 0 [pid 1987] <... setpgid resumed>) = 0 [pid 1972] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1972] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 1988] <... openat resumed>) = 3 [pid 1987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1972] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rmdir("./55/file2"./strace-static-x86_64: Process 1989 attached ) = 0 [pid 1988] write(3, "1000", 4 [pid 1987] <... openat resumed>) = 3 [pid 291] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1989] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1987] write(3, "1000", 4 [pid 1988] <... write resumed>) = 4 [pid 291] newfstatat(AT_FDCWD, "./55/binderfs", [pid 1989] <... set_robust_list resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1988] close(3 [pid 1987] <... write resumed>) = 4 [pid 291] unlink("./55/binderfs" [pid 1989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1989] write(4, "#! \n", 4 [pid 1987] close(3 [pid 291] <... unlink resumed>) = 0 [pid 1988] <... close resumed>) = 0 [pid 291] getdents64(3, [pid 1988] symlink("/dev/binderfs", "./binderfs" [pid 1987] <... close resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3 [pid 1987] symlink("/dev/binderfs", "./binderfs" [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./55") = 0 [pid 291] mkdir("./56", 0777 [pid 1989] <... write resumed>) = 4 [pid 1989] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1989] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... mkdir resumed>) = 0 [pid 1972] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1972] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1978] <... futex resumed>) = 0 [pid 1972] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1988] <... symlink resumed>) = 0 [pid 1987] <... symlink resumed>) = 0 [pid 1978] <... mmap resumed>) = 0x200000000000 executing program executing program [pid 1988] write(1, "executing program\n", 18 [pid 1987] write(1, "executing program\n", 18 [pid 1978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] <... futex resumed>) = 0 [pid 1988] <... write resumed>) = 18 [pid 1987] <... write resumed>) = 18 [pid 1978] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1972] <... futex resumed>) = 0 [pid 1987] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1988] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1990]}, 88) = 1990 [pid 1988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1988] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1972] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 0 [pid 1987] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1987] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1987] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[1991]}, 88) = 1991 [pid 1987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1990 attached [pid 1990] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1990] memfd_create("syzkaller", 0) = 3 [pid 1990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1990] munmap(0x7f0ae48af000, 138412032) = 0 [pid 1990] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 1991 attached [pid 1991] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 1991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1991] memfd_create("syzkaller", 0) = 3 [pid 1991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 1991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1991] munmap(0x7f0ae48af000, 138412032 [pid 1978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1991] <... munmap resumed>) = 0 [pid 1989] <... futex resumed>) = 0 [pid 1972] <... futex resumed>) = ? [pid 1991] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1989] +++ killed by SIGBUS +++ [pid 1978] +++ killed by SIGBUS +++ [pid 1972] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1972, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... openat resumed>) = 3 [pid 1990] <... openat resumed>) = 4 [pid 291] ioctl(3, LOOP_CLR_FD [ 48.988842][ T1978] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1990] ioctl(4, LOOP_SET_FD, 3 [pid 1991] <... openat resumed>) = 4 [pid 1991] ioctl(4, LOOP_SET_FD, 3 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./54/file2") = 0 [pid 289] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./54/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./54") = 0 [pid 289] mkdir("./55", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 1990] <... ioctl resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 1990] close(3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1991] <... ioctl resumed>) = 0 [pid 1990] <... close resumed>) = 0 [pid 1985] <... mount resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 1991] close(3 [pid 1990] close(4 [pid 1985] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 1996 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1991] <... close resumed>) = 0 [pid 1990] <... close resumed>) = 0 [pid 1985] <... openat resumed>) = 3 [pid 289] close(3 [pid 1991] close(4 [pid 1990] mkdir("./file2", 0777 [pid 1985] chdir("./file2" [pid 289] <... close resumed>) = 0 [pid 1991] <... close resumed>) = 0 [pid 1985] <... chdir resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1991] mkdir("./file2", 0777 [pid 1985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 1997 [pid 1985] ioctl(4, LOOP_CLR_FD) = 0 [pid 1985] close(4./strace-static-x86_64: Process 1997 attached ./strace-static-x86_64: Process 1996 attached ) = 0 [pid 1985] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1984] <... futex resumed>) = 0 [pid 1985] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1984] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1984] <... futex resumed>) = 0 [pid 1997] set_robust_list(0x555594a056a0, 24 [pid 1996] set_robust_list(0x555594a056a0, 24 [pid 1985] <... openat resumed>) = 4 [pid 1984] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1985] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1985] <... futex resumed>) = 0 [pid 1984] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] write(4, "#! \n", 4 [pid 1984] <... futex resumed>) = 0 [pid 1997] <... set_robust_list resumed>) = 0 [pid 1996] <... set_robust_list resumed>) = 0 [pid 1985] <... write resumed>) = 4 [pid 1984] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1984] <... futex resumed>) = 0 [pid 1985] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 1997] chdir("./55" [pid 1984] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1997] <... chdir resumed>) = 0 [pid 1984] <... mprotect resumed>) = 0 [pid 1997] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1984] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1997] <... prctl resumed>) = 0 [pid 1984] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1997] setpgid(0, 0 [pid 1984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 1997] <... setpgid resumed>) = 0 [pid 1997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1984] <... clone3 resumed> => {parent_tid=[1999]}, 88) = 1999 [pid 1997] <... openat resumed>) = 3 [pid 1984] rt_sigprocmask(SIG_SETMASK, [], [pid 1997] write(3, "1000", 4 [pid 1984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1997] <... write resumed>) = 4 [pid 1984] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] close(3 [pid 1984] <... futex resumed>) = 0 [pid 1997] <... close resumed>) = 0 [pid 1984] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1999 attached [pid 1996] chdir("./56" [pid 1997] symlink("/dev/binderfs", "./binderfs" [pid 1999] set_robust_list(0x7f0aeccae9a0, 24 [pid 1997] <... symlink resumed>) = 0 [pid 1996] <... chdir resumed>) = 0 executing program [pid 1997] write(1, "executing program\n", 18) = 18 [pid 1997] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1996] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1997] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 1997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1997] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1999] <... set_robust_list resumed>) = 0 [pid 1997] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1996] <... prctl resumed>) = 0 [pid 1997] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2000 attached [pid 1999] rt_sigprocmask(SIG_SETMASK, [], [pid 1996] setpgid(0, 0 [pid 1997] <... clone3 resumed> => {parent_tid=[2000]}, 88) = 2000 [pid 1997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2000] set_robust_list(0x7f0aecccf9a0, 24 [pid 1999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1996] <... setpgid resumed>) = 0 [pid 2000] <... set_robust_list resumed>) = 0 [pid 2000] rt_sigprocmask(SIG_SETMASK, [], [pid 1996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1999] write(4, "#! \n", 4) = 4 [pid 1996] <... openat resumed>) = 3 [pid 2000] memfd_create("syzkaller", 0 [pid 1999] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] write(3, "1000", 4 [pid 2000] <... memfd_create resumed>) = 3 [pid 2000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1999] <... futex resumed>) = 1 [pid 1996] <... write resumed>) = 4 [pid 1984] <... futex resumed>) = 0 [pid 2000] <... mmap resumed>) = 0x7f0ae48af000 [pid 1999] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] close(3 [pid 1991] <... mkdir resumed>) = 0 [pid 1990] <... mkdir resumed>) = 0 [pid 1984] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] <... close resumed>) = 0 [pid 1991] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1996] symlink("/dev/binderfs", "./binderfs" [pid 1990] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 1985] <... futex resumed>) = 0 [pid 1984] <... futex resumed>) = 1 [pid 1996] <... symlink resumed>) = 0 [pid 1985] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1984] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] write(1, "executing program\n", 18executing program [pid 1985] <... mmap resumed>) = 0x200000000000 [pid 1996] <... write resumed>) = 18 [pid 1985] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] <... write resumed>) = 524288 [pid 1996] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1985] <... futex resumed>) = 1 [pid 1984] <... futex resumed>) = 0 [pid 1996] <... futex resumed>) = 0 [pid 1985] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1984] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1984] <... futex resumed>) = 0 [pid 1996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2000] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1984] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 1996] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2001]}, 88) = 2001 [pid 1996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1996] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1996] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2001 attached [pid 2001] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2001] memfd_create("syzkaller", 0) = 3 [pid 2001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2001] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1984] <... futex resumed>) = ? [pid 1999] <... futex resumed>) = ? [pid 1999] +++ killed by SIGBUS +++ [pid 1985] +++ killed by SIGBUS +++ [pid 1984] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1984, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2000] <... openat resumed>) = 4 [pid 2001] <... openat resumed>) = 4 [pid 2001] ioctl(4, LOOP_SET_FD, 3 [pid 2000] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1991] <... mount resumed>) = 0 [pid 1991] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1991] chdir("./file2") = 0 [pid 1991] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2001] <... ioctl resumed>) = 0 [pid 2000] <... ioctl resumed>) = 0 [pid 2001] close(3 [pid 2000] close(3 [pid 2001] <... close resumed>) = 0 [pid 2001] close(4 [pid 2000] <... close resumed>) = 0 [ 49.139565][ T1985] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2000] close(4 [pid 1990] <... mount resumed>) = 0 [pid 1990] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 1990] chdir("./file2") = 0 [pid 1990] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1991] <... openat resumed>) = 4 [pid 2001] <... close resumed>) = 0 [pid 2000] <... close resumed>) = 0 [pid 1991] ioctl(4, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = 0 [pid 2000] mkdir("./file2", 0777 [pid 2001] mkdir("./file2", 0777) = 0 [pid 2001] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2000] <... mkdir resumed>) = 0 [pid 287] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2000] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./58/file2") = 0 [pid 287] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./58/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./58") = 0 [pid 287] mkdir("./59", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2008 ./strace-static-x86_64: Process 2008 attached [pid 2008] set_robust_list(0x555594a056a0, 24) = 0 [pid 2008] chdir("./59") = 0 [pid 2008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2008] setpgid(0, 0 [pid 1991] <... ioctl resumed>) = 0 [pid 1990] <... openat resumed>) = 4 [pid 1991] close(4 [pid 1990] ioctl(4, LOOP_CLR_FD [pid 1991] <... close resumed>) = 0 [pid 1990] <... ioctl resumed>) = 0 [pid 1991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1990] close(4 [pid 1987] <... futex resumed>) = 0 [pid 1991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1990] <... close resumed>) = 0 [pid 1987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1990] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... futex resumed>) = 0 [pid 1991] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1990] <... futex resumed>) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1991] <... openat resumed>) = 4 [pid 1990] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1988] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] <... mount resumed>) = 0 [pid 1991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 2000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1991] <... futex resumed>) = 1 [pid 1990] <... openat resumed>) = 4 [pid 1988] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 0 [pid 2000] <... openat resumed>) = 3 [pid 1991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1990] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] chdir("./file2" [pid 1991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1990] <... futex resumed>) = 0 [pid 1988] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... futex resumed>) = 0 [pid 2000] <... chdir resumed>) = 0 [pid 1991] write(4, "#! \n", 4 [pid 1988] <... futex resumed>) = 0 [pid 1987] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1991] <... write resumed>) = 4 [pid 1988] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... futex resumed>) = 0 [pid 2000] <... openat resumed>) = 4 [pid 1991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2000] ioctl(4, LOOP_CLR_FD [pid 1991] <... futex resumed>) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1987] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2000] <... ioctl resumed>) = 0 [pid 1991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1987] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2000] close(4 [pid 1988] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1987] <... mprotect resumed>) = 0 [pid 2000] <... close resumed>) = 0 [pid 1988] <... mprotect resumed>) = 0 [pid 1987] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1987] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2000] <... futex resumed>) = 1 [pid 1997] <... futex resumed>) = 0 [pid 1988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1997] <... futex resumed>) = 0 [pid 1987] <... clone3 resumed> => {parent_tid=[2011]}, 88) = 2011 [pid 2008] <... setpgid resumed>) = 0 [pid 2000] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] <... clone3 resumed> => {parent_tid=[2012]}, 88) = 2012 [pid 1987] rt_sigprocmask(SIG_SETMASK, [], [pid 2008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2000] <... openat resumed>) = 4 [pid 1988] rt_sigprocmask(SIG_SETMASK, [], [pid 1987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2008] <... openat resumed>) = 3 [pid 2000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] write(4, "#! \n", 4 [pid 1988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1987] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2012 attached ./strace-static-x86_64: Process 2011 attached [pid 2000] <... futex resumed>) = 1 [pid 1997] <... futex resumed>) = 0 [pid 1990] <... write resumed>) = 4 [pid 1988] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... futex resumed>) = 0 [pid 2012] set_robust_list(0x7f0aeccae9a0, 24 [pid 2011] set_robust_list(0x7f0aeccae9a0, 24 [pid 2008] write(3, "1000", 4 [pid 2000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1987] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] <... set_robust_list resumed>) = 0 [pid 2011] <... set_robust_list resumed>) = 0 [pid 2008] <... write resumed>) = 4 [pid 2001] <... mount resumed>) = 0 [pid 2000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1997] <... futex resumed>) = 0 [pid 1990] <... futex resumed>) = 0 [pid 2012] rt_sigprocmask(SIG_SETMASK, [], [pid 2011] rt_sigprocmask(SIG_SETMASK, [], [pid 2001] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 1990] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2008] close(3 [pid 2001] <... openat resumed>) = 3 [pid 2000] write(4, "#! \n", 4 [pid 1997] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] write(4, "#! \n", 4 [pid 2011] write(4, "#! \n", 4 [pid 2001] chdir("./file2" [pid 2012] <... write resumed>) = 4 [pid 2011] <... write resumed>) = 4 [pid 2008] <... close resumed>) = 0 [pid 2001] <... chdir resumed>) = 0 [pid 2000] <... write resumed>) = 4 [pid 1997] <... futex resumed>) = 0 [pid 2012] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2012] <... futex resumed>) = 1 [pid 2011] <... futex resumed>) = 1 [pid 2008] symlink("/dev/binderfs", "./binderfs" [pid 2001] <... openat resumed>) = 4 [pid 2000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1988] <... futex resumed>) = 0 [pid 1987] <... futex resumed>) = 0 [pid 2012] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2011] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] ioctl(4, LOOP_CLR_FD [pid 2000] <... futex resumed>) = 0 [pid 1988] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... symlink resumed>) = 0 [pid 2001] <... ioctl resumed>) = 0 [pid 2000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] <... mmap resumed>) = 0x7f0aecc8e000 [pid 1991] <... futex resumed>) = 0 [pid 1990] <... futex resumed>) = 0 [pid 1988] <... futex resumed>) = 1 [pid 1987] <... futex resumed>) = 1 executing program [pid 2008] write(1, "executing program\n", 18 [pid 2001] close(4 [pid 1997] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 1991] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1990] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1988] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] <... write resumed>) = 18 [pid 2001] <... close resumed>) = 0 [pid 1997] <... mprotect resumed>) = 0 [pid 1991] <... mmap resumed>) = 0x200000000000 [pid 1990] <... mmap resumed>) = 0x200000000000 [pid 2008] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = 0 [pid 1997] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2008] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 1997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2008] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1997] <... clone3 resumed> => {parent_tid=[2015]}, 88) = 2015 [pid 2008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1997] rt_sigprocmask(SIG_SETMASK, [], [pid 2008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2008] <... mmap resumed>) = 0x7f0aeccaf000 [pid 1997] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 1997] <... futex resumed>) = 0 [pid 2008] <... mprotect resumed>) = 0 [pid 2001] <... futex resumed>) = 1 [pid 1997] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 0 [pid 1991] <... futex resumed>) = 1 [pid 1990] <... futex resumed>) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1987] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2015 attached [pid 2008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2001] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1990] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1996] <... futex resumed>) = 0 [pid 1991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] <... futex resumed>) = 0 [pid 1987] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2016 attached [pid 2015] set_robust_list(0x7f0aeccae9a0, 24 [pid 2008] <... clone3 resumed> => {parent_tid=[2016]}, 88) = 2016 [pid 2008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2008] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2001] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1996] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2016] set_robust_list(0x7f0aecccf9a0, 24 [pid 2015] <... set_robust_list resumed>) = 0 [pid 1991] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1988] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2016] <... set_robust_list resumed>) = 0 [pid 2015] rt_sigprocmask(SIG_SETMASK, [], [pid 2011] <... futex resumed>) = ? [pid 2016] rt_sigprocmask(SIG_SETMASK, [], [pid 2015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2011] +++ killed by SIGBUS +++ [pid 2016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2015] write(4, "#! \n", 4 [pid 1991] +++ killed by SIGBUS +++ [pid 1987] +++ killed by SIGBUS +++ [pid 2016] memfd_create("syzkaller", 0 [pid 2015] <... write resumed>) = 4 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1987, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2016] <... memfd_create resumed>) = 3 [pid 2015] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2015] <... futex resumed>) = 1 [pid 1997] <... futex resumed>) = 0 [pid 2016] <... mmap resumed>) = 0x7f0ae48af000 [pid 2015] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2000] <... futex resumed>) = 0 [pid 1997] <... futex resumed>) = 1 [pid 2016] <... write resumed>) = 524288 [pid 2001] <... openat resumed>) = 4 [pid 2000] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2016] munmap(0x7f0ae48af000, 138412032 [pid 2001] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] <... mmap resumed>) = 0x200000000000 [pid 2016] <... munmap resumed>) = 0 [pid 2012] <... futex resumed>) = ? [pid 2001] <... futex resumed>) = 1 [pid 2000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] <... futex resumed>) = 0 [pid 1988] <... futex resumed>) = ? [pid 2016] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2001] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2000] <... futex resumed>) = 1 [pid 1997] <... futex resumed>) = 0 [pid 1996] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... openat resumed>) = 4 [pid 2001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] <... futex resumed>) = 0 [pid 2016] ioctl(4, LOOP_SET_FD, 3 [pid 2001] write(4, "#! \n", 4 [pid 2000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1997] <... futex resumed>) = 0 [pid 1996] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... ioctl resumed>) = 0 [pid 2012] +++ killed by SIGBUS +++ [pid 2001] <... write resumed>) = 4 [pid 1990] +++ killed by SIGBUS +++ [pid 1988] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1988, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2016] close(3 [pid 2001] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 1997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... restart_syscall resumed>) = 0 [pid 2016] <... close resumed>) = 0 [pid 2001] <... futex resumed>) = 0 [pid 1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2016] close(4 [pid 2001] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... openat resumed>) = 3 [pid 2015] <... futex resumed>) = ? [pid 1997] <... futex resumed>) = ? [pid 1996] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] newfstatat(3, "", [pid 1996] <... mprotect resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1996] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] getdents64(3, [pid 2015] +++ killed by SIGBUS +++ [pid 1996] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1996] <... clone3 resumed> => {parent_tid=[2018]}, 88) = 2018 [pid 1996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1996] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] <... openat resumed>) = 3 [pid 1996] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] newfstatat(3, "", [pid 2000] +++ killed by SIGBUS +++ [pid 1997] +++ killed by SIGBUS +++ [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, ./strace-static-x86_64: Process 2018 attached [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1997, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2018] set_robust_list(0x7f0aeccae9a0, 24 [pid 288] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2018] <... set_robust_list resumed>) = 0 [pid 2018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2018] write(4, "#! \n", 4) = 4 [pid 2018] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 2018] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] <... futex resumed>) = 0 [pid 1996] <... futex resumed>) = 1 [pid 2001] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1996] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2001] <... mmap resumed>) = 0x200000000000 [pid 2001] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 2001] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1996] <... futex resumed>) = 0 [ 49.306026][ T1991] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.307454][ T1990] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.338922][ T2000] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 1996] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2001] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2018] <... futex resumed>) = ? [pid 1996] <... futex resumed>) = ? [pid 2018] +++ killed by SIGBUS +++ [pid 2001] +++ killed by SIGBUS +++ [pid 1996] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1996, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2016] <... close resumed>) = 0 [pid 2016] mkdir("./file2", 0777) = 0 [pid 2016] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 49.362946][ T2001] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2016] <... mount resumed>) = 0 [pid 2016] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2016] chdir("./file2") = 0 [pid 2016] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 290] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] rmdir("./56/file2") = 0 [pid 290] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./56/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./56") = 0 [pid 290] mkdir("./57", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2021 [pid 2016] <... openat resumed>) = 4 [pid 291] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2016] ioctl(4, LOOP_CLR_FD [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2016] <... ioctl resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./55/file2", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2016] close(4 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 2021 attached [pid 2021] set_robust_list(0x555594a056a0, 24) = 0 [pid 289] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2016] <... close resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./56/file2", [pid 2016] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2021] chdir("./57"executing program ) = 0 [pid 289] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2016] <... futex resumed>) = 1 [pid 2008] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2016] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2008] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 2016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2021] setpgid(0, 0) = 0 [pid 2021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2021] write(3, "1000", 4) = 4 [pid 2021] close(3) = 0 [pid 2021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2021] write(1, "executing program\n", 18) = 18 [pid 2021] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2008] <... futex resumed>) = 0 [pid 289] newfstatat(4, "", [pid 2016] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2021] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2021] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2008] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2021] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2016] <... openat resumed>) = 4 [pid 289] getdents64(4, [pid 291] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2021] <... clone3 resumed> => {parent_tid=[2022]}, 88) = 2022 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2016] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 4 [pid 2021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2021] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2022 attached [pid 2022] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2022] rt_sigprocmask(SIG_SETMASK, [], [pid 2016] <... futex resumed>) = 1 [pid 2008] <... futex resumed>) = 0 [pid 291] newfstatat(4, "", [pid 289] getdents64(4, [pid 2016] write(4, "#! \n", 4 [pid 2008] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2008] <... futex resumed>) = 0 [pid 2008] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2022] memfd_create("syzkaller", 0 [pid 2008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2008] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2022] <... memfd_create resumed>) = 3 [pid 2008] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2008] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2022] <... mmap resumed>) = 0x7f0ae48af000 [pid 2008] <... clone3 resumed> => {parent_tid=[2023]}, 88) = 2023 [pid 2008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2008] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] getdents64(4, [pid 2016] <... write resumed>) = 4 [pid 289] close(4 [pid 2016] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... close resumed>) = 0 [pid 291] getdents64(4, [pid 2016] <... futex resumed>) = 0 [pid 288] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2016] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] rmdir("./55/file2" [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... rmdir resumed>) = 0 [pid 291] close(4 [pid 288] newfstatat(AT_FDCWD, "./54/file2", [pid 291] <... close resumed>) = 0 [pid 289] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] rmdir("./56/file2") = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(AT_FDCWD, "./55/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 2023 attached [pid 2023] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2023] write(4, "#! \n", 4) = 4 [pid 289] unlink("./55/binderfs" [pid 291] newfstatat(AT_FDCWD, "./56/binderfs", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2023] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] <... unlink resumed>) = 0 [pid 2008] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2008] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(3, [pid 288] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2023] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2008] <... futex resumed>) = 1 [pid 2016] <... futex resumed>) = 0 [pid 291] unlink("./56/binderfs" [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2016] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2008] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... openat resumed>) = 4 [pid 291] <... unlink resumed>) = 0 [pid 2016] <... mmap resumed>) = 0x200000000000 [pid 291] getdents64(3, [pid 2016] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(3 [pid 288] newfstatat(4, "", [pid 2016] <... futex resumed>) = 1 [pid 2008] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2016] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2008] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2008] <... futex resumed>) = 0 [pid 291] close(3 [pid 2022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2022] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2022] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2022] ioctl(4, LOOP_SET_FD, 3 [pid 289] rmdir("./55") = 0 [pid 289] mkdir("./56", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./54/file2") = 0 [pid 288] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./54/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./54") = 0 [pid 288] mkdir("./55", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2008] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./56") = 0 [pid 291] mkdir("./57", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2022] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 2022] close(3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2022] <... close resumed>) = 0 [pid 291] close(3 [pid 289] close(3 [pid 288] close(3 [pid 2022] close(4 [pid 2016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2022] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2023] <... futex resumed>) = ? [pid 2022] mkdir("./file2", 0777 [pid 2008] <... futex resumed>) = ? [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2026 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2025 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2027 [pid 2023] +++ killed by SIGBUS +++ [pid 2022] <... mkdir resumed>) = 0 [pid 2022] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2016] +++ killed by SIGBUS +++ [pid 2008] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2008, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- ./strace-static-x86_64: Process 2025 attached [pid 2025] set_robust_list(0x555594a056a0, 24) = 0 [pid 2025] chdir("./56" [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2025] <... chdir resumed>) = 0 [pid 2025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2025] setpgid(0, 0./strace-static-x86_64: Process 2027 attached ) = 0 [pid 2025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2027] set_robust_list(0x555594a056a0, 24) = 0 [pid 2027] chdir("./55" [pid 2025] <... openat resumed>) = 3 [pid 2027] <... chdir resumed>) = 0 [pid 2027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2027] setpgid(0, 0 [pid 2025] write(3, "1000", 4) = 4 [pid 2027] <... setpgid resumed>) = 0 [pid 2025] close(3 [pid 2027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2025] <... close resumed>) = 0 [pid 2025] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 2026 attached [pid 2026] set_robust_list(0x555594a056a0, 24) = 0 [pid 2026] chdir("./57" [pid 2027] <... openat resumed>) = 3 [pid 2025] write(1, "executing program\n", 18 [pid 2026] <... chdir resumed>) = 0 [pid 2026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2026] setpgid(0, 0) = 0 executing program [pid 2026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2026] write(3, "1000", 4) = 4 [pid 2026] close(3) = 0 [pid 2026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2026] write(1, "executing program\n", 18) = 18 [pid 2026] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2026] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2028]}, 88) = 2028 [pid 2026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2028 attached [pid 2028] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2028] memfd_create("syzkaller", 0) = 3 [pid 2028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2027] write(3, "1000", 4) = 4 [pid 2025] <... write resumed>) = 18 [pid 2027] close(3 [pid 2025] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2027] <... close resumed>) = 0 [pid 2025] <... futex resumed>) = 0 [pid 2028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2027] symlink("/dev/binderfs", "./binderfs" [pid 2025] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2027] <... symlink resumed>) = 0 [pid 2025] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2027] write(1, "executing program\n", 18executing program [pid 2025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2027] <... write resumed>) = 18 [pid 2025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2027] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2027] <... futex resumed>) = 0 [pid 2027] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2025] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2028] <... write resumed>) = 524288 [pid 2027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2025] <... mprotect resumed>) = 0 [pid 2028] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2028] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2027] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2022] <... mount resumed>) = 0 [pid 2027] <... mprotect resumed>) = 0 [pid 2022] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2022] chdir("./file2") = 0 [pid 2022] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2025] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2027] <... clone3 resumed> => {parent_tid=[2031]}, 88) = 2031 [pid 2027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2027] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2025] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 2031 attached [pid 2031] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2031] memfd_create("syzkaller", 0 [pid 2025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2031] <... memfd_create resumed>) = 3 [pid 2031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2032 attached [pid 2025] <... clone3 resumed> => {parent_tid=[2032]}, 88) = 2032 [pid 2032] set_robust_list(0x7f0aecccf9a0, 24 [pid 2025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2032] <... set_robust_list resumed>) = 0 [pid 2025] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2025] <... futex resumed>) = 0 [pid 2025] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2032] memfd_create("syzkaller", 0) = 3 [pid 2032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2031] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2032] <... write resumed>) = 524288 [pid 2032] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2028] <... openat resumed>) = 4 [pid 2022] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2028] ioctl(4, LOOP_SET_FD, 3 [pid 2022] ioctl(4, LOOP_CLR_FD [pid 2032] <... openat resumed>) = 4 [pid 2031] <... openat resumed>) = 4 [pid 2022] <... ioctl resumed>) = 0 [pid 2032] ioctl(4, LOOP_SET_FD, 3 [pid 2031] ioctl(4, LOOP_SET_FD, 3 [pid 2022] close(4 [pid 2032] <... ioctl resumed>) = 0 [pid 2032] close(3 [pid 287] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2031] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./59/file2") = 0 [pid 287] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./59/binderfs") = 0 [pid 2022] <... close resumed>) = 0 [pid 2032] <... close resumed>) = 0 [pid 2031] close(3 [pid 2022] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./59") = 0 [pid 287] mkdir("./60", 0777 [pid 2031] <... close resumed>) = 0 [pid 2022] <... futex resumed>) = 1 [pid 2032] close(4 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] close(4 [pid 2022] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2028] <... ioctl resumed>) = 0 [pid 2022] <... openat resumed>) = 4 [pid 2028] close(3 [pid 2022] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... close resumed>) = 0 [pid 2028] close(4 [pid 2022] <... futex resumed>) = 1 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2021] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2022] write(4, "#! \n", 4 [pid 2021] <... mprotect resumed>) = 0 [pid 2022] <... write resumed>) = 4 [pid 2021] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2022] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2021] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2022] <... futex resumed>) = 0 [pid 2021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2022] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2021] <... clone3 resumed> => {parent_tid=[2036]}, 88) = 2036 [pid 2021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2021] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2036 attached [pid 2036] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2036] write(4, "#! \n", 4) = 4 [pid 2036] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2022] <... futex resumed>) = 0 [pid 2021] <... futex resumed>) = 1 [pid 2022] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2021] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] <... mmap resumed>) = 0x200000000000 [pid 2022] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2021] <... futex resumed>) = 0 [ 49.580036][ T2016] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2036] <... futex resumed>) = 1 [pid 2021] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2036] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2021] <... futex resumed>) = ? [pid 2036] <... futex resumed>) = ? [pid 2036] +++ killed by SIGBUS +++ [pid 2022] +++ killed by SIGBUS +++ [pid 2021] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2021, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2031] <... close resumed>) = 0 [pid 2031] mkdir("./file2", 0777) = 0 [ 49.640187][ T2022] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2031] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2032] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2032] mkdir("./file2", 0777) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2032] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2028] <... close resumed>) = 0 [pid 2028] mkdir("./file2", 0777) = 0 [pid 2028] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2031] <... mount resumed>) = 0 [pid 2031] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2031] chdir("./file2") = 0 [pid 2031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2031] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 287] close(3 [pid 2031] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 2031] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2031] close(4 [pid 290] newfstatat(AT_FDCWD, "./57/file2", [pid 2031] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2039 [pid 2031] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2031] <... futex resumed>) = 1 [pid 2027] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2031] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2027] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2027] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 2031] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program [pid 2027] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(4, "", ./strace-static-x86_64: Process 2039 attached [pid 2031] <... openat resumed>) = 4 [pid 2039] set_robust_list(0x555594a056a0, 24) = 0 [pid 2039] chdir("./60") = 0 [pid 2039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2039] setpgid(0, 0) = 0 [pid 2039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2039] write(3, "1000", 4) = 4 [pid 2039] close(3) = 0 [pid 2039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2039] write(1, "executing program\n", 18) = 18 [pid 2039] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2039] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2039] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2043]}, 88) = 2043 [pid 2039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2039] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2039] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2043 attached [pid 2043] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2043] memfd_create("syzkaller", 0) = 3 [pid 2043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2031] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2027] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2031] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2027] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 290] getdents64(4, [pid 2031] write(4, "#! \n", 4 [pid 2027] <... futex resumed>) = 0 [pid 2031] <... write resumed>) = 4 [pid 2027] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2027] <... futex resumed>) = 0 [pid 2031] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2031] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 2031] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2027] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2027] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] close(4 [pid 2027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... close resumed>) = 0 [pid 2027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] rmdir("./57/file2") = 0 [pid 2027] <... clone3 resumed> => {parent_tid=[2045]}, 88) = 2045 [pid 2027] rt_sigprocmask(SIG_SETMASK, [], [pid 290] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2027] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./57/binderfs" [pid 2043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2028] <... mount resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 2028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 290] getdents64(3, [pid 2028] chdir("./file2") = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2028] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 290] close(3 [pid 2028] ioctl(4, LOOP_CLR_FD) = 0 [pid 290] <... close resumed>) = 0 [pid 2028] close(4) = 0 [pid 2043] <... write resumed>) = 524288 [pid 2043] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2043] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2045 attached [pid 2045] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2045] write(4, "#! \n", 4) = 4 [pid 2045] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2045] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] rmdir("./57" [pid 2027] <... futex resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 290] mkdir("./58", 0777 [pid 2027] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2032] <... mount resumed>) = 0 [pid 2027] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2031] <... futex resumed>) = 0 [pid 2028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] <... openat resumed>) = 3 [pid 2031] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2032] chdir("./file2" [pid 2028] <... futex resumed>) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2031] <... mmap resumed>) = 0x200000000000 [pid 2026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] <... chdir resumed>) = 0 [pid 2031] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2026] <... futex resumed>) = 0 [pid 2032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2031] <... futex resumed>) = 1 [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] <... ioctl resumed>) = 0 [pid 2043] close(3) = 0 [pid 2043] close(4 [pid 2028] <... openat resumed>) = 4 [pid 2028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2027] <... futex resumed>) = 0 [pid 2027] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2026] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2047]}, 88) = 2047 [pid 2026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2026] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2028] <... futex resumed>) = 0 [pid 2028] write(4, "#! \n", 4) = 4 [pid 2028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2028] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2047 attached [pid 2047] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2047] write(4, "#! \n", 4) = 4 [pid 2047] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2028] <... futex resumed>) = 0 [pid 2026] <... futex resumed>) = 1 [pid 2028] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2028] <... mmap resumed>) = 0x200000000000 [pid 2028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2047] <... futex resumed>) = 1 [pid 2031] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2027] <... futex resumed>) = ? [pid 2045] <... futex resumed>) = ? [pid 2047] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2045] +++ killed by SIGBUS +++ [pid 2031] +++ killed by SIGBUS +++ [pid 2027] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2027, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2028] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2047] <... futex resumed>) = ? [pid 2026] <... futex resumed>) = ? [pid 2047] +++ killed by SIGBUS +++ [pid 2028] +++ killed by SIGBUS +++ [pid 2026] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2026, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2043] <... close resumed>) = 0 [pid 2043] mkdir("./file2", 0777) = 0 [pid 2043] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2032] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 2032] ioctl(4, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./57/file2") = 0 [pid 291] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./57/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./57") = 0 [pid 291] mkdir("./58", 0777) = 0 [ 49.821915][ T2031] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.827053][ T2028] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 2032] <... ioctl resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2032] close(4 [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2048 ./strace-static-x86_64: Process 2048 attached [pid 2048] set_robust_list(0x555594a056a0, 24) = 0 [pid 2048] chdir("./58") = 0 [pid 2048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2048] setpgid(0, 0) = 0 [pid 2048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2048] write(3, "1000", 4) = 4 [pid 2048] close(3) = 0 [pid 2048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2048] write(1, "executing program\n", 18) = 18 [pid 2048] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2048] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2048] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2049]}, 88) = 2049 [pid 2048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2048] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2048] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2049 attached [pid 2049] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2049] memfd_create("syzkaller", 0) = 3 [pid 2049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... umount2 resumed>) = 0 [pid 2032] <... close resumed>) = 0 [pid 2049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2049] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2049] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2025] <... futex resumed>) = 0 [pid 2032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2025] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2025] <... futex resumed>) = 0 [pid 2049] <... openat resumed>) = 4 [pid 2049] ioctl(4, LOOP_SET_FD, 3 [pid 2032] <... openat resumed>) = 4 [pid 2032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] <... futex resumed>) = 0 [pid 2025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2025] <... futex resumed>) = 0 [pid 2032] write(4, "#! \n", 4 [pid 2025] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] <... write resumed>) = 4 [pid 2025] <... futex resumed>) = 0 [pid 2032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2032] <... futex resumed>) = 0 [pid 2025] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2025] <... mprotect resumed>) = 0 [pid 2025] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2025] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] newfstatat(AT_FDCWD, "./55/file2", [pid 2025] <... clone3 resumed> => {parent_tid=[2051]}, 88) = 2051 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2025] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2025] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2051 attached [pid 288] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2051] set_robust_list(0x7f0aeccae9a0, 24 [pid 2049] <... ioctl resumed>) = 0 [pid 288] close(4 [pid 2049] close(3) = 0 [pid 2051] <... set_robust_list resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 2051] rt_sigprocmask(SIG_SETMASK, [], [pid 2049] close(4 [pid 2043] <... mount resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] <... close resumed>) = 0 [pid 2051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2043] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 288] rmdir("./55/file2" [pid 2051] write(4, "#! \n", 4 [pid 2043] <... openat resumed>) = 3 [pid 2051] <... write resumed>) = 4 [pid 2043] chdir("./file2" [pid 288] <... rmdir resumed>) = 0 [pid 2051] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] <... chdir resumed>) = 0 [pid 2051] <... futex resumed>) = 1 [pid 2043] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2025] <... futex resumed>) = 0 [pid 2051] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] <... futex resumed>) = 0 [pid 2025] <... futex resumed>) = 1 [pid 2032] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2025] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] <... mmap resumed>) = 0x200000000000 [pid 288] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./55/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./55" [pid 2032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2025] <... futex resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 2032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] mkdir("./56", 0777 [pid 2032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2025] <... futex resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2025] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2051] <... futex resumed>) = ? [pid 2025] <... futex resumed>) = ? [pid 2051] +++ killed by SIGBUS +++ [pid 2032] +++ killed by SIGBUS +++ [pid 2025] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2025, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2049] <... close resumed>) = 0 [pid 2049] mkdir("./file2", 0777) = 0 [ 49.953281][ T2032] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2049] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2043] <... openat resumed>) = 4 [pid 291] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2043] ioctl(4, LOOP_CLR_FD [pid 291] close(3 [pid 288] close(3 [pid 2043] <... ioctl resumed>) = 0 [pid 289] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2043] close(4 [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2043] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2043] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2039] <... futex resumed>) = 0 [pid 2043] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2039] <... futex resumed>) = 0 [pid 2043] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2039] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2056 attached ./strace-static-x86_64: Process 2055 attached [pid 2043] <... openat resumed>) = 4 [pid 289] newfstatat(AT_FDCWD, "./56/file2", [pid 2043] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2056 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2055 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2039] <... futex resumed>) = 0 [pid 289] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2043] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] set_robust_list(0x555594a056a0, 24 [pid 2055] set_robust_list(0x555594a056a0, 24 [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2039] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2043] write(4, "#! \n", 4 [pid 2039] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] <... write resumed>) = 4 [pid 2043] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2049] <... mount resumed>) = 0 [pid 2043] <... futex resumed>) = 0 [pid 2039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... openat resumed>) = 4 [pid 2049] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2043] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] newfstatat(4, "", [pid 2049] <... openat resumed>) = 3 [pid 2039] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2049] chdir("./file2" [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2049] <... chdir resumed>) = 0 [pid 2039] <... mprotect resumed>) = 0 [pid 2049] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] getdents64(4, [pid 2039] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2039] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2049] <... openat resumed>) = 4 [pid 2039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] getdents64(4, [pid 2049] ioctl(4, LOOP_CLR_FD) = 0 [pid 2039] <... clone3 resumed> => {parent_tid=[2058]}, 88) = 2058 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2049] close(4 [pid 2039] rt_sigprocmask(SIG_SETMASK, [], [pid 289] close(4 [pid 2049] <... close resumed>) = 0 [pid 2039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2049] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 2049] <... futex resumed>) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2039] <... futex resumed>) = 0 [pid 289] rmdir("./56/file2" [pid 2049] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2048] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2039] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2048] <... futex resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 2049] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2048] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2049] <... openat resumed>) = 4 [pid 2049] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2049] <... futex resumed>) = 1 [pid 2048] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./56/binderfs", [pid 2049] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2048] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2048] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2049] write(4, "#! \n", 4 [pid 2048] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] unlink("./56/binderfs" [pid 2049] <... write resumed>) = 4 [pid 2048] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2058 attached [pid 289] <... unlink resumed>) = 0 [pid 2048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2049] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(3, [pid 2049] <... futex resumed>) = 0 [pid 2048] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2049] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2048] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2048] <... mprotect resumed>) = 0 [pid 289] close(3 [pid 2058] set_robust_list(0x7f0aeccae9a0, 24 [pid 2048] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... close resumed>) = 0 [pid 2048] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] rmdir("./56" [pid 2048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2058] <... set_robust_list resumed>) = 0 [pid 2058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2058] write(4, "#! \n", 4) = 4 [pid 289] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 2059 attached [pid 2056] <... set_robust_list resumed>) = 0 [pid 2055] <... set_robust_list resumed>) = 0 [pid 289] mkdir("./57", 0777 [pid 2048] <... clone3 resumed> => {parent_tid=[2059]}, 88) = 2059 [pid 2055] chdir("./56" [pid 289] <... mkdir resumed>) = 0 [pid 2048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2048] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2055] <... chdir resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2048] <... futex resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 2048] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] close(3 [pid 2055] <... prctl resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2055] setpgid(0, 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2055] <... setpgid resumed>) = 0 [pid 2055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2058] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] chdir("./58" [pid 2058] <... futex resumed>) = 1 [pid 2039] <... futex resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2060 [pid 2058] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2055] <... openat resumed>) = 3 [pid 2043] <... futex resumed>) = 0 [pid 2039] <... futex resumed>) = 1 [pid 2056] <... chdir resumed>) = 0 [pid 2043] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2039] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2043] <... mmap resumed>) = 0x200000000000 [pid 2056] <... prctl resumed>) = 0 [pid 2043] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] setpgid(0, 0 [pid 2043] <... futex resumed>) = 1 [pid 2039] <... futex resumed>) = 0 [pid 2043] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2039] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 executing program executing program executing program [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2039] <... futex resumed>) = 0 [pid 2055] write(3, "1000", 4 [pid 2056] <... setpgid resumed>) = 0 [pid 2039] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] <... write resumed>) = 4 [pid 2056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2055] close(3) = 0 [pid 2055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2056] <... openat resumed>) = 3 [pid 2056] write(3, "1000", 4) = 4 [pid 2056] close(3) = 0 [pid 2055] write(1, "executing program\n", 18 [pid 2056] symlink("/dev/binderfs", "./binderfs" [pid 2055] <... write resumed>) = 18 [pid 2056] <... symlink resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2055] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2055] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2056] write(1, "executing program\n", 18) = 18 [pid 2055] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2056] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2055] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2055] <... clone3 resumed> => {parent_tid=[2061]}, 88) = 2061 [pid 2056] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2055] rt_sigprocmask(SIG_SETMASK, [], [pid 2056] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2056] <... mprotect resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2055] <... futex resumed>) = 0 [pid 2056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2055] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2062]}, 88) = 2062 [pid 2056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2056] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2059] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2059] write(4, "#! \n", 4) = 4 [pid 2059] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2059] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2060 attached [pid 2060] set_robust_list(0x555594a056a0, 24) = 0 [pid 2060] chdir("./57") = 0 [pid 2060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2060] setpgid(0, 0) = 0 [pid 2060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2060] write(3, "1000", 4) = 4 [pid 2060] close(3) = 0 [pid 2060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2060] write(1, "executing program\n", 18) = 18 [pid 2060] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2060] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2060] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2063]}, 88) = 2063 [pid 2060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2060] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2060] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2063 attached [pid 2063] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2063] memfd_create("syzkaller", 0) = 3 [pid 2063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2063] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2063] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2063] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2061 attached [pid 2061] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2061] memfd_create("syzkaller", 0) = 3 [pid 2061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2048] <... futex resumed>) = 0 [pid 2048] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2049] <... futex resumed>) = 0 [pid 2048] <... futex resumed>) = 1 [pid 2049] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2048] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2062 attached [pid 2049] <... mmap resumed>) = 0x200000000000 [pid 2062] set_robust_list(0x7f0aecccf9a0, 24 [pid 2049] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... set_robust_list resumed>) = 0 [pid 2049] <... futex resumed>) = 1 [pid 2048] <... futex resumed>) = 0 [pid 2062] rt_sigprocmask(SIG_SETMASK, [], [pid 2043] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2049] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2048] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] memfd_create("syzkaller", 0 [pid 2058] <... futex resumed>) = ? [pid 2049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2048] <... futex resumed>) = 0 [pid 2039] <... futex resumed>) = ? [pid 2062] <... memfd_create resumed>) = 3 [pid 2063] <... ioctl resumed>) = 0 [pid 2063] close(3) = 0 [pid 2063] close(4 [pid 2061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2061] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2061] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2061] ioctl(4, LOOP_SET_FD, 3 [pid 2048] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2062] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2061] <... ioctl resumed>) = 0 [pid 2063] <... close resumed>) = 0 [pid 2062] <... openat resumed>) = 4 [pid 2063] mkdir("./file2", 0777 [pid 2062] ioctl(4, LOOP_SET_FD, 3 [pid 2043] +++ killed by SIGBUS +++ [pid 2063] <... mkdir resumed>) = 0 [pid 2063] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2058] +++ killed by SIGBUS +++ [pid 2039] +++ killed by SIGBUS +++ [pid 2061] close(3) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2039, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2061] close(4 [pid 287] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2059] <... futex resumed>) = ? [pid 2048] <... futex resumed>) = ? [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 2059] +++ killed by SIGBUS +++ [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2049] +++ killed by SIGBUS +++ [pid 2048] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2048, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2062] <... ioctl resumed>) = 0 [pid 2061] <... close resumed>) = 0 [pid 2061] mkdir("./file2", 0777 [pid 2062] close(3) = 0 [pid 2062] close(4) = 0 [pid 2062] mkdir("./file2", 0777) = 0 [pid 2062] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2061] <... mkdir resumed>) = 0 [pid 2061] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2062] <... mount resumed>) = 0 [pid 2062] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2063] <... mount resumed>) = 0 [pid 2062] <... openat resumed>) = 3 [pid 2062] chdir("./file2") = 0 [pid 2062] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2063] chdir("./file2") = 0 [pid 2063] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2061] <... mount resumed>) = 0 [pid 2061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2061] chdir("./file2") = 0 [ 50.107607][ T2043] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 50.124910][ T2049] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2061] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2063] <... openat resumed>) = 4 [pid 2062] <... openat resumed>) = 4 [pid 2061] <... openat resumed>) = 4 [pid 2063] ioctl(4, LOOP_CLR_FD) = 0 [pid 2063] close(4) = 0 [pid 2063] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2063] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./60/file2") = 0 [pid 287] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./60/binderfs") = 0 [pid 287] getdents64(3, [pid 2060] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2062] ioctl(4, LOOP_CLR_FD [pid 2061] ioctl(4, LOOP_CLR_FD [pid 2060] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = 0 [pid 287] close(3 [pid 2063] <... futex resumed>) = 0 [pid 2062] <... ioctl resumed>) = 0 [pid 2061] <... ioctl resumed>) = 0 [pid 2060] <... futex resumed>) = 1 [pid 290] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2063] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2062] close(4 [pid 2061] close(4 [pid 2060] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 2063] <... openat resumed>) = 4 [pid 2062] <... close resumed>) = 0 [pid 2063] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2063] <... futex resumed>) = 1 [pid 2060] <... futex resumed>) = 0 [pid 2063] write(4, "#! \n", 4 [pid 2062] <... futex resumed>) = 1 [pid 2060] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 2062] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2063] <... write resumed>) = 4 [pid 2062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2060] <... futex resumed>) = 0 [pid 2056] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./58/file2") = 0 [pid 290] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./58/binderfs" [pid 2062] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2060] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 290] getdents64(3, [pid 2060] <... futex resumed>) = 0 [pid 2056] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2063] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... openat resumed>) = 4 [pid 2061] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] close(3) = 0 [pid 290] rmdir("./58") = 0 [pid 290] mkdir("./59", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2063] <... futex resumed>) = 0 [pid 2062] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2060] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... openat resumed>) = 3 [pid 2063] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2062] <... futex resumed>) = 1 [pid 2061] <... futex resumed>) = 1 [pid 2060] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2056] <... futex resumed>) = 0 [pid 2055] <... futex resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] rmdir("./60" [pid 2062] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2061] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2060] <... mprotect resumed>) = 0 [pid 2056] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2055] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2060] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2056] <... futex resumed>) = 0 [pid 2055] <... futex resumed>) = 0 [pid 290] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 2062] write(4, "#! \n", 4 [pid 2061] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2060] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2056] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2055] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... close resumed>) = 0 [pid 287] mkdir("./61", 0777 [pid 2062] <... write resumed>) = 4 [pid 2061] <... openat resumed>) = 4 [pid 2060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2056] <... futex resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2062] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... mkdir resumed>) = 0 [pid 2062] <... futex resumed>) = 0 [pid 2061] <... futex resumed>) = 1 [pid 2060] <... clone3 resumed> => {parent_tid=[2074]}, 88) = 2074 [pid 2056] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2055] <... futex resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2075 [pid 2062] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2061] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2060] rt_sigprocmask(SIG_SETMASK, [], [pid 2056] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2055] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2056] <... mprotect resumed>) = 0 [pid 2055] <... futex resumed>) = 0 [pid 2061] write(4, "#! \n", 4 [pid 2060] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2060] <... futex resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... openat resumed>) = 3 [pid 2061] <... write resumed>) = 4 [pid 2060] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2055] <... futex resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2061] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2061] <... futex resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2061] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2055] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] close(3 [pid 2056] <... clone3 resumed> => {parent_tid=[2076]}, 88) = 2076 [pid 2055] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2056] rt_sigprocmask(SIG_SETMASK, [], [pid 2055] <... mprotect resumed>) = 0 [pid 2056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... close resumed>) = 0 [pid 2056] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2055] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2056] <... futex resumed>) = 0 [pid 2055] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2056] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2074 attached [pid 2074] set_robust_list(0x7f0aeccae9a0, 24 [pid 2055] <... clone3 resumed> => {parent_tid=[2077]}, 88) = 2077 [pid 2055] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2078 [pid 2055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2055] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2055] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2074] <... set_robust_list resumed>) = 0 [pid 2074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2074] write(4, "#! \n", 4) = 4 [pid 2074] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2060] <... futex resumed>) = 0 [pid 2074] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2060] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2063] <... futex resumed>) = 0 [pid 2060] <... futex resumed>) = 1 [pid 2063] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2060] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2077 attached [pid 2063] <... mmap resumed>) = 0x200000000000 [pid 2077] set_robust_list(0x7f0aeccae9a0, 24 [pid 2063] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2077] <... set_robust_list resumed>) = 0 [pid 2063] <... futex resumed>) = 1 [pid 2060] <... futex resumed>) = 0 [pid 2077] rt_sigprocmask(SIG_SETMASK, [], [pid 2063] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2060] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2060] <... futex resumed>) = 0 [pid 2077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2077] write(4, "#! \n", 4) = 4 [pid 2077] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2077] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2075 attached [pid 2075] set_robust_list(0x555594a056a0, 24) = 0 [pid 2075] chdir("./59") = 0 [pid 2075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2075] setpgid(0, 0) = 0 [pid 2075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2075] write(3, "1000", 4) = 4 [pid 2075] close(3) = 0 [pid 2075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2075] write(1, "executing program\n", 18executing program ) = 18 [pid 2075] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2075] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2079]}, 88) = 2079 [pid 2075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2075] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2079 attached [pid 2079] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2079] memfd_create("syzkaller", 0) = 3 [pid 2079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2060] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2055] <... futex resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2061] <... futex resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2061] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2061] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2055] <... futex resumed>) = 0 [pid 2061] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2055] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2055] <... futex resumed>) = 0 [pid 2079] <... write resumed>) = 524288 [pid 2079] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2079] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2079] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2076 attached [pid 2076] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2076] write(4, "#! \n", 4) = 4 [pid 2076] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2076] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2078 attached [pid 2078] set_robust_list(0x555594a056a0, 24) = 0 [pid 2078] chdir("./61") = 0 [pid 2078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2078] setpgid(0, 0) = 0 [pid 2078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2078] write(3, "1000", 4) = 4 [pid 2078] close(3) = 0 [pid 2078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2078] write(1, "executing program\n", 18executing program ) = 18 [pid 2078] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2078] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2080]}, 88) = 2080 [pid 2078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2078] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2078] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2080 attached [pid 2080] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2056] <... futex resumed>) = 0 [pid 2055] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2056] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] <... futex resumed>) = 0 [pid 2062] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2062] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] <... futex resumed>) = 0 [pid 2062] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2056] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2056] <... futex resumed>) = 0 [pid 2080] memfd_create("syzkaller", 0) = 3 [pid 2080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2080] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2080] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2063] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2074] <... futex resumed>) = ? [pid 2061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2077] <... futex resumed>) = ? [pid 2080] <... openat resumed>) = 4 [pid 2079] <... ioctl resumed>) = 0 [pid 2080] ioctl(4, LOOP_SET_FD, 3 [pid 2079] close(3) = 0 [pid 2079] close(4 [pid 2055] <... futex resumed>) = ? [pid 2060] <... futex resumed>) = ? [pid 2056] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2077] +++ killed by SIGBUS +++ [pid 2074] +++ killed by SIGBUS +++ [pid 2080] <... ioctl resumed>) = 0 [pid 2063] +++ killed by SIGBUS +++ [pid 2060] +++ killed by SIGBUS +++ [pid 2080] close(3) = 0 [pid 2061] +++ killed by SIGBUS +++ [pid 2055] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2060, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2062] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2080] close(4 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2055, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2076] <... futex resumed>) = ? [pid 2056] <... futex resumed>) = ? [pid 2076] +++ killed by SIGBUS +++ [pid 2062] +++ killed by SIGBUS +++ [pid 2056] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2056, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... restart_syscall resumed>) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... openat resumed>) = 3 [pid 291] getdents64(3, [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2079] <... close resumed>) = 0 [pid 2079] mkdir("./file2", 0777) = 0 [ 50.276101][ T2063] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 50.292142][ T2061] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 50.308706][ T2062] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2079] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2080] <... close resumed>) = 0 [pid 2080] mkdir("./file2", 0777) = 0 [pid 2080] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 291] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 291] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./58/file2") = 0 [pid 291] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./58/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./58") = 0 [pid 291] mkdir("./59", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2083 ./strace-static-x86_64: Process 2083 attached [pid 2083] set_robust_list(0x555594a056a0, 24) = 0 [pid 2083] chdir("./59") = 0 [pid 2083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2083] setpgid(0, 0) = 0 [pid 2083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2083] write(3, "1000", 4) = 4 [pid 2083] close(3) = 0 [pid 2083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2083] write(1, "executing program\n", 18) = 18 [pid 2083] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2083] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 289] <... umount2 resumed>) = 0 [pid 288] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(AT_FDCWD, "./56/file2", [pid 2083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2083] <... mmap resumed>) = 0x7f0aeccaf000 [pid 289] newfstatat(AT_FDCWD, "./57/file2", [pid 288] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2083] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 288] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 4 [pid 2083] <... mprotect resumed>) = 0 [pid 288] newfstatat(4, "", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] getdents64(4, [pid 289] <... openat resumed>) = 4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] newfstatat(4, "", [pid 288] getdents64(4, [pid 2083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] getdents64(4, [pid 288] close(4 [pid 2083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 288] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] rmdir("./56/file2" [pid 2083] <... clone3 resumed> => {parent_tid=[2084]}, 88) = 2084 [pid 2083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] getdents64(4, [pid 288] <... rmdir resumed>) = 0 [pid 2083] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2083] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2084 attached [pid 2084] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2084] memfd_create("syzkaller", 0) = 3 [pid 2084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] close(4 [pid 288] newfstatat(AT_FDCWD, "./56/binderfs", [pid 289] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./56/binderfs" [pid 289] rmdir("./57/file2" [pid 288] <... unlink resumed>) = 0 [pid 2084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] <... rmdir resumed>) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(3) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] rmdir("./56") = 0 [pid 289] newfstatat(AT_FDCWD, "./57/binderfs", [pid 288] mkdir("./57", 0777) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./57/binderfs" [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... unlink resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 289] close(3) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] rmdir("./57" [pid 288] close(3 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2084] <... write resumed>) = 524288 [pid 2084] munmap(0x7f0ae48af000, 138412032) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] mkdir("./58", 0777 [pid 2084] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2084] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2087 attached ) = 0 [pid 2084] close(3 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2087 [pid 289] <... mkdir resumed>) = 0 [pid 2084] <... close resumed>) = 0 [pid 2084] close(4 [pid 2087] set_robust_list(0x555594a056a0, 24) = 0 [pid 2087] chdir("./57") = 0 [pid 2087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2087] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 2087] write(3, "1000", 4) = 4 [pid 2087] close(3) = 0 [pid 2087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2087] write(1, "executing program\n", 18) = 18 [pid 2087] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2087] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2090]}, 88) = 2090 [pid 2087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2090 attached [pid 2090] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2090] memfd_create("syzkaller", 0) = 3 [pid 2090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2080] <... mount resumed>) = 0 [pid 2080] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2080] chdir("./file2") = 0 [pid 2080] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2079] <... mount resumed>) = 0 [pid 2079] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2079] <... openat resumed>) = 3 [pid 2079] chdir("./file2") = 0 [pid 2079] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2090] <... write resumed>) = 524288 [pid 2090] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2090] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2084] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2084] mkdir("./file2", 0777 [pid 289] ioctl(3, LOOP_CLR_FD [pid 2084] <... mkdir resumed>) = 0 [pid 2084] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2080] <... openat resumed>) = 4 [pid 2079] <... openat resumed>) = 4 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2080] ioctl(4, LOOP_CLR_FD [pid 2079] ioctl(4, LOOP_CLR_FD [pid 2080] <... ioctl resumed>) = 0 [pid 2079] <... ioctl resumed>) = 0 [pid 289] close(3 [pid 2080] close(4 [pid 2079] close(4 [pid 2080] <... close resumed>) = 0 [pid 2079] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2080] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2080] <... futex resumed>) = 1 [pid 2079] <... futex resumed>) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2080] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2080] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2079] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2078] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2075] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] <... openat resumed>) = 4 [pid 2079] <... openat resumed>) = 4 [pid 2080] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... futex resumed>) = 1 [pid 2079] <... futex resumed>) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2080] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2080] write(4, "#! \n", 4 [pid 2079] write(4, "#! \n", 4 [pid 2078] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... write resumed>) = 4 [pid 2079] <... write resumed>) = 4 [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2080] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2080] <... futex resumed>) = 0 [pid 2079] <... futex resumed>) = 0 [pid 2078] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2075] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2092 [pid 2080] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2075] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2078] <... mprotect resumed>) = 0 [pid 2075] <... mprotect resumed>) = 0 [pid 2078] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2078] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2078] <... clone3 resumed> => {parent_tid=[2093]}, 88) = 2093 [pid 2075] <... clone3 resumed> => {parent_tid=[2094]}, 88) = 2094 [pid 2078] rt_sigprocmask(SIG_SETMASK, [], [pid 2075] rt_sigprocmask(SIG_SETMASK, [], [pid 2078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2078] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 0 [pid 2078] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2075] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2093 attached [pid 2093] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2093] write(4, "#! \n", 4) = 4 [pid 2093] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] <... futex resumed>) = 0 [pid 2078] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... futex resumed>) = 0 [pid 2078] <... futex resumed>) = 1 [pid 2080] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2078] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] <... mmap resumed>) = 0x200000000000 [pid 2080] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2078] <... futex resumed>) = 0 [pid 2080] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2078] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2078] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2094 attached ./strace-static-x86_64: Process 2092 attached [pid 2090] <... openat resumed>) = 4 [pid 2084] <... mount resumed>) = 0 [pid 2078] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2090] ioctl(4, LOOP_SET_FD, 3 [pid 2084] <... openat resumed>) = 3 [pid 2093] <... futex resumed>) = 1 [pid 2084] chdir("./file2" [pid 2093] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2084] <... chdir resumed>) = 0 [pid 2084] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2092] set_robust_list(0x555594a056a0, 24) = 0 [pid 2094] set_robust_list(0x7f0aeccae9a0, 24 [pid 2092] chdir("./58" [pid 2094] <... set_robust_list resumed>) = 0 [pid 2094] rt_sigprocmask(SIG_SETMASK, [], [pid 2092] <... chdir resumed>) = 0 [pid 2094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2094] write(4, "#! \n", 4 [pid 2092] setpgid(0, 0) = 0 [pid 2094] <... write resumed>) = 4 [pid 2094] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2090] <... ioctl resumed>) = 0 [pid 2080] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2090] close(3 [pid 2093] <... futex resumed>) = ? [pid 2078] <... futex resumed>) = ? [pid 2093] +++ killed by SIGBUS +++ [pid 2080] +++ killed by SIGBUS +++ [pid 2078] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2078, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2075] <... futex resumed>) = 0 [pid 2075] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 1 [pid 2079] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2075] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2079] <... mmap resumed>) = 0x200000000000 [pid 2079] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2090] <... close resumed>) = 0 [pid 2084] <... openat resumed>) = 4 [pid 2075] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 2090] close(4 [pid 2084] ioctl(4, LOOP_CLR_FD [pid 2075] <... futex resumed>) = 0 [pid 2084] <... ioctl resumed>) = 0 [pid 2075] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] close(4 [pid 287] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2092] <... openat resumed>) = 3 [pid 287] getdents64(3, [pid 2092] write(3, "1000", 4 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2094] <... futex resumed>) = 1 [pid 2094] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2092] <... write resumed>) = 4 [pid 2094] <... futex resumed>) = ? [pid 2075] <... futex resumed>) = ? [pid 2092] close(3 [pid 2094] +++ killed by SIGBUS +++ [pid 2092] <... close resumed>) = 0 [pid 2092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2092] write(1, "executing program\n", 18executing program ) = 18 [pid 2092] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2079] +++ killed by SIGBUS +++ [pid 2075] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2075, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2092] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2098 attached => {parent_tid=[2098]}, 88) = 2098 [pid 2098] set_robust_list(0x7f0aecccf9a0, 24 [pid 2092] rt_sigprocmask(SIG_SETMASK, [], [pid 2098] <... set_robust_list resumed>) = 0 [pid 2092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2098] rt_sigprocmask(SIG_SETMASK, [], [pid 2092] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2098] memfd_create("syzkaller", 0 [pid 2092] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2098] <... memfd_create resumed>) = 3 [pid 2098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2098] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2098] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", [pid 2090] <... close resumed>) = 0 [pid 2084] <... close resumed>) = 0 [pid 2090] mkdir("./file2", 0777 [pid 2084] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2090] <... mkdir resumed>) = 0 [pid 2084] <... futex resumed>) = 1 [pid 2083] <... futex resumed>) = 0 [pid 2090] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2084] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2083] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(3, [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2083] <... futex resumed>) = 0 [pid 2084] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2083] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2084] <... openat resumed>) = 4 [pid 2084] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2084] <... futex resumed>) = 1 [pid 2083] <... futex resumed>) = 0 [pid 2084] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2083] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2083] <... futex resumed>) = 0 [pid 2084] write(4, "#! \n", 4 [pid 2083] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... write resumed>) = 4 [pid 2083] <... futex resumed>) = 0 [pid 2084] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2084] <... futex resumed>) = 0 [pid 2083] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2084] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2083] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2099]}, 88) = 2099 [pid 2083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2083] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2083] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2099 attached [pid 2099] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2099] write(4, "#! \n", 4) = 4 [pid 2099] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2083] <... futex resumed>) = 0 [pid 2083] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2083] <... futex resumed>) = 1 [pid 2084] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2083] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] <... mmap resumed>) = 0x200000000000 [pid 2084] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2083] <... futex resumed>) = 0 [pid 2084] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2083] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 50.609245][ T2080] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 50.630571][ T2079] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2083] <... futex resumed>) = 0 [pid 2099] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2083] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2083] <... futex resumed>) = ? [pid 2099] <... futex resumed>) = ? [pid 2099] +++ killed by SIGBUS +++ [pid 2084] +++ killed by SIGBUS +++ [pid 2083] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2083, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2090] <... mount resumed>) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 2090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2090] chdir("./file2") = 0 [pid 2090] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2098] <... openat resumed>) = 4 [ 50.663850][ T2084] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2090] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 2098] close(3 [pid 2090] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2098] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2098] close(4 [pid 291] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./59/file2", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] newfstatat(AT_FDCWD, "./59/file2", [pid 290] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] newfstatat(4, "", [pid 291] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] newfstatat(4, "", [pid 290] getdents64(4, [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] getdents64(4, [pid 290] close(4 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] close(4 [pid 290] rmdir("./59/file2" [pid 291] <... close resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./61/file2", [pid 291] rmdir("./59/file2" [pid 290] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... rmdir resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./59/binderfs", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./59/binderfs", [pid 290] unlink("./59/binderfs" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] unlink("./59/binderfs" [pid 290] getdents64(3, [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./61/file2" [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 290] close(3 [pid 287] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./61/binderfs") = 0 [pid 291] getdents64(3, [pid 290] <... close resumed>) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./59" [pid 287] close(3 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./61" [pid 291] close(3 [pid 290] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./62", 0777 [pid 291] <... close resumed>) = 0 [pid 290] mkdir("./60", 0777 [pid 287] <... mkdir resumed>) = 0 [pid 291] rmdir("./59" [pid 290] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... rmdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] mkdir("./60", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2098] <... close resumed>) = 0 [pid 2090] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 2098] mkdir("./file2", 0777 [pid 2090] close(4 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2098] <... mkdir resumed>) = 0 [pid 2098] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2090] <... close resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2090] <... futex resumed>) = 1 [pid 2087] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 287] close(3 [pid 2090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... close resumed>) = 0 [pid 2090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2087] <... futex resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2090] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2090] <... openat resumed>) = 4 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2103 [pid 2090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2105 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2104 [pid 2090] <... futex resumed>) = 1 [pid 2087] <... futex resumed>) = 0 [pid 2090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2087] <... futex resumed>) = 0 [pid 2090] write(4, "#! \n", 4 [pid 2087] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2105 attached [pid 2090] <... write resumed>) = 4 [pid 2087] <... futex resumed>) = 0 [pid 2090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2090] <... futex resumed>) = 0 [pid 2087] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2087] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2105] set_robust_list(0x555594a056a0, 24) = 0 [pid 2087] <... clone3 resumed> => {parent_tid=[2106]}, 88) = 2106 [pid 2087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2087] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2087] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2105] chdir("./60") = 0 [pid 2105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2105] setpgid(0, 0) = 0 [pid 2105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2105] write(3, "1000", 4) = 4 [pid 2105] close(3) = 0 [pid 2105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2105] write(1, "executing program\n", 18executing program ) = 18 [pid 2105] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2105] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2108]}, 88) = 2108 [pid 2105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2105] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2103 attached ./strace-static-x86_64: Process 2108 attached ./strace-static-x86_64: Process 2106 attached ./strace-static-x86_64: Process 2104 attached [pid 2103] set_robust_list(0x555594a056a0, 24 [pid 2108] set_robust_list(0x7f0aecccf9a0, 24 [pid 2104] set_robust_list(0x555594a056a0, 24 [pid 2106] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2104] <... set_robust_list resumed>) = 0 [pid 2103] <... set_robust_list resumed>) = 0 [pid 2106] rt_sigprocmask(SIG_SETMASK, [], [pid 2104] chdir("./62" [pid 2106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2104] <... chdir resumed>) = 0 [pid 2103] chdir("./60" [pid 2106] write(4, "#! \n", 4 [pid 2104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2103] <... chdir resumed>) = 0 [pid 2106] <... write resumed>) = 4 [pid 2104] <... prctl resumed>) = 0 [pid 2103] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2098] <... mount resumed>) = 0 [pid 2108] <... set_robust_list resumed>) = 0 [pid 2106] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] setpgid(0, 0 [pid 2103] <... prctl resumed>) = 0 [pid 2098] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2108] rt_sigprocmask(SIG_SETMASK, [], [pid 2106] <... futex resumed>) = 1 [pid 2104] <... setpgid resumed>) = 0 [pid 2103] setpgid(0, 0 [pid 2098] <... openat resumed>) = 3 [pid 2087] <... futex resumed>) = 0 [pid 2108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2106] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2103] <... setpgid resumed>) = 0 [pid 2098] chdir("./file2" [pid 2087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] memfd_create("syzkaller", 0 [pid 2104] <... openat resumed>) = 3 [pid 2103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2098] <... chdir resumed>) = 0 [pid 2090] <... futex resumed>) = 0 [pid 2087] <... futex resumed>) = 1 [pid 2108] <... memfd_create resumed>) = 3 [pid 2104] write(3, "1000", 4 [pid 2103] <... openat resumed>) = 3 [pid 2098] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2090] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2104] <... write resumed>) = 4 [pid 2103] write(3, "1000", 4 [pid 2098] <... openat resumed>) = 4 [pid 2090] <... mmap resumed>) = 0x200000000000 [pid 2104] close(3 [pid 2103] <... write resumed>) = 4 [pid 2098] ioctl(4, LOOP_CLR_FD [pid 2108] <... mmap resumed>) = 0x7f0ae48af000 [pid 2090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] <... close resumed>) = 0 [pid 2103] close(3 [pid 2098] <... ioctl resumed>) = 0 [pid 2090] <... futex resumed>) = 1 [pid 2087] <... futex resumed>) = 0 [pid 2104] symlink("/dev/binderfs", "./binderfs" [pid 2103] <... close resumed>) = 0 [pid 2098] close(4 [pid 2090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2104] <... symlink resumed>) = 0 [pid 2103] symlink("/dev/binderfs", "./binderfs" [pid 2098] <... close resumed>) = 0 [pid 2090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2087] <... futex resumed>) = 0 [pid 2108] <... write resumed>) = 524288 [pid 2104] write(1, "executing program\n", 18 [pid 2103] <... symlink resumed>) = 0 [pid 2098] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] munmap(0x7f0ae48af000, 138412032 [pid 2098] <... futex resumed>) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2108] <... munmap resumed>) = 0 [pid 2098] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 2092] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 2092] <... futex resumed>) = 0 [pid 2108] <... openat resumed>) = 4 [pid 2104] <... write resumed>) = 18 [pid 2103] write(1, "executing program\n", 18 [pid 2098] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2092] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2108] ioctl(4, LOOP_SET_FD, 3 [pid 2104] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] <... write resumed>) = 18 [pid 2098] <... openat resumed>) = 4 [pid 2090] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2106] <... futex resumed>) = ? [pid 2104] <... futex resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2087] <... futex resumed>) = ? [pid 2106] +++ killed by SIGBUS +++ [pid 2104] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2103] <... futex resumed>) = 0 [pid 2098] <... futex resumed>) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2108] <... ioctl resumed>) = 0 [pid 2104] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2103] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2098] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2092] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] +++ killed by SIGBUS +++ [pid 2087] +++ killed by SIGBUS +++ [pid 2108] close(3 [pid 2104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2103] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2092] <... futex resumed>) = 0 [pid 2108] <... close resumed>) = 0 [pid 2104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2098] write(4, "#! \n", 4 [pid 2092] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2087, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2108] close(4 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2098] <... write resumed>) = 4 [pid 2092] <... futex resumed>) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2104] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2098] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2104] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2103] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2098] <... futex resumed>) = 0 [pid 2092] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2104] <... mprotect resumed>) = 0 [pid 2103] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2098] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2092] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2104] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2103] <... mprotect resumed>) = 0 [pid 2092] <... mprotect resumed>) = 0 [pid 2104] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2104] <... clone3 resumed> => {parent_tid=[2111]}, 88) = 2111 [pid 2104] rt_sigprocmask(SIG_SETMASK, [], [pid 2103] <... clone3 resumed> => {parent_tid=[2112]}, 88) = 2112 [pid 2092] <... clone3 resumed> => {parent_tid=[2113]}, 88) = 2113 [pid 2104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2103] rt_sigprocmask(SIG_SETMASK, [], [pid 2092] rt_sigprocmask(SIG_SETMASK, [], [pid 2104] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2104] <... futex resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2103] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2092] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2113 attached [pid 2113] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2113] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2112 attached NULL, 8) = 0 [pid 2113] write(4, "#! \n", 4) = 4 [pid 2113] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 1 [pid 2098] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2092] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2098] <... mmap resumed>) = 0x200000000000 [pid 2098] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2092] <... futex resumed>) = 0 [pid 2098] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2092] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2092] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2111 attached [pid 2113] <... futex resumed>) = 1 [pid 2112] set_robust_list(0x7f0aecccf9a0, 24 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2112] <... set_robust_list resumed>) = 0 [pid 2112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2112] memfd_create("syzkaller", 0) = 3 [pid 2112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2111] set_robust_list(0x7f0aecccf9a0, 24 [pid 2113] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] <... set_robust_list resumed>) = 0 [pid 2111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2111] memfd_create("syzkaller", 0) = 3 [pid 2111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2098] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2092] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 (errno 18446744073709551555) [pid 2113] <... futex resumed>) = ? [pid 2113] +++ killed by SIGBUS +++ [pid 2108] <... close resumed>) = 0 [pid 2108] mkdir("./file2", 0777 [pid 2112] <... write resumed>) = 524288 [pid 2108] <... mkdir resumed>) = 0 [pid 2098] +++ killed by SIGBUS +++ [pid 2092] +++ killed by SIGBUS +++ [pid 2108] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2092, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2112] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2112] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2111] <... write resumed>) = 524288 [pid 2111] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2111] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 50.843923][ T2090] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 50.870376][ T2098] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2112] <... openat resumed>) = 4 [pid 2111] <... openat resumed>) = 4 [pid 2112] ioctl(4, LOOP_SET_FD, 3 [pid 2111] ioctl(4, LOOP_SET_FD, 3 [pid 288] <... umount2 resumed>) = 0 [pid 2112] <... ioctl resumed>) = 0 [pid 2111] <... ioctl resumed>) = 0 [pid 2112] close(3 [pid 2111] close(3 [pid 2112] <... close resumed>) = 0 [pid 2111] <... close resumed>) = 0 [pid 2112] close(4 [pid 2111] close(4 [pid 2112] <... close resumed>) = 0 [pid 2112] mkdir("./file2", 0777) = 0 [pid 2112] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./57/file2") = 0 [pid 288] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./57/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./57") = 0 [pid 288] mkdir("./58", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2108] <... mount resumed>) = 0 [pid 2108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2108] chdir("./file2") = 0 [pid 2108] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2111] <... close resumed>) = 0 [pid 2111] mkdir("./file2", 0777) = 0 [pid 2111] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2108] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2108] ioctl(4, LOOP_CLR_FD [pid 289] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 2108] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2108] close(4 [pid 289] newfstatat(AT_FDCWD, "./58/file2", [pid 288] close(3 [pid 2108] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... close resumed>) = 0 [pid 2108] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2108] <... futex resumed>) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2105] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2105] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2118 [pid 2108] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 2108] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", [pid 2108] <... futex resumed>) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2108] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2105] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2105] <... futex resumed>) = 0 [pid 2108] write(4, "#! \n", 4 [pid 2105] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 2108] <... write resumed>) = 4 [pid 2105] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2108] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] getdents64(4, [pid 2108] <... futex resumed>) = 0 [pid 2105] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2108] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2105] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 2118 attached [pid 2105] <... mprotect resumed>) = 0 [pid 289] close(4 [pid 2118] set_robust_list(0x555594a056a0, 24 [pid 2112] <... mount resumed>) = 0 [pid 2105] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... close resumed>) = 0 [pid 2118] <... set_robust_list resumed>) = 0 [pid 2112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2105] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] rmdir("./58/file2" [pid 2118] chdir("./58" [pid 2112] <... openat resumed>) = 3 [pid 2105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... rmdir resumed>) = 0 [pid 2118] <... chdir resumed>) = 0 [pid 2112] chdir("./file2" [pid 2111] <... mount resumed>) = 0 [pid 289] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2118] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2112] <... chdir resumed>) = 0 [pid 2105] <... clone3 resumed> => {parent_tid=[2123]}, 88) = 2123 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2118] <... prctl resumed>) = 0 [pid 2112] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2105] rt_sigprocmask(SIG_SETMASK, [], [pid 289] newfstatat(AT_FDCWD, "./58/binderfs", [pid 2118] setpgid(0, 0 [pid 2112] <... openat resumed>) = 4 [pid 2105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2118] <... setpgid resumed>) = 0 [pid 2112] ioctl(4, LOOP_CLR_FD [pid 2105] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] unlink("./58/binderfs" [pid 2118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2112] <... ioctl resumed>) = 0 [pid 2105] <... futex resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 2118] <... openat resumed>) = 3 [pid 2112] close(4 [pid 2111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2105] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] getdents64(3, [pid 2118] write(3, "1000", 4 [pid 2112] <... close resumed>) = 0 [pid 2111] <... openat resumed>) = 3 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2118] <... write resumed>) = 4 [pid 2112] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] chdir("./file2" [pid 289] close(3 [pid 2118] close(3 [pid 2112] <... futex resumed>) = 1 [pid 2111] <... chdir resumed>) = 0 [pid 2103] <... futex resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2118] <... close resumed>) = 0 [pid 2112] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2103] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] rmdir("./58" [pid 2118] symlink("/dev/binderfs", "./binderfs" [pid 2112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2111] <... openat resumed>) = 4 [pid 2103] <... futex resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 2118] <... symlink resumed>) = 0 [pid 2112] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2111] ioctl(4, LOOP_CLR_FD [pid 2103] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] mkdir("./59", 0777executing program [pid 2118] write(1, "executing program\n", 18 [pid 2112] <... openat resumed>) = 4 [pid 2111] <... ioctl resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 2118] <... write resumed>) = 18 [pid 2112] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] close(4 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2118] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2112] <... futex resumed>) = 1 [pid 2111] <... close resumed>) = 0 [pid 2103] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2118] <... futex resumed>) = 0 [pid 2112] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] ioctl(3, LOOP_CLR_FD [pid 2118] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2111] <... futex resumed>) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2103] <... futex resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2118] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2112] write(4, "#! \n", 4 [pid 2111] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(3 [pid 2118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2112] <... write resumed>) = 4 [pid 2111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2104] <... futex resumed>) = 0 [pid 2103] <... futex resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2112] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2104] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2112] <... futex resumed>) = 0 [pid 2111] <... openat resumed>) = 4 [pid 2103] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2118] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2112] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2124 [pid 2118] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2111] <... futex resumed>) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2103] <... mprotect resumed>) = 0 [pid 2118] <... mprotect resumed>) = 0 [pid 2111] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2104] <... futex resumed>) = 0 [pid 2103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2111] write(4, "#! \n", 4 [pid 2104] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2111] <... write resumed>) = 4 [pid 2104] <... futex resumed>) = 0 [pid 2103] <... clone3 resumed> => {parent_tid=[2125]}, 88) = 2125 [pid 2118] <... clone3 resumed> => {parent_tid=[2126]}, 88) = 2126 [pid 2103] rt_sigprocmask(SIG_SETMASK, [], [pid 2118] rt_sigprocmask(SIG_SETMASK, [], [pid 2103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2103] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2118] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] <... futex resumed>) = 0 [pid 2118] <... futex resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2118] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2123 attached [pid 2123] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2123] write(4, "#! \n", 4) = 4 [pid 2123] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] <... futex resumed>) = 0 [pid 2105] <... futex resumed>) = 1 [pid 2108] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2105] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2108] <... mmap resumed>) = 0x200000000000 [pid 2108] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2108] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2105] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2105] <... futex resumed>) = 0 [pid 2111] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2111] <... futex resumed>) = 0 [pid 2104] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2111] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2127]}, 88) = 2127 [pid 2104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2104] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2123] <... futex resumed>) = 1 [pid 2123] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2124 attached [pid 2124] set_robust_list(0x555594a056a0, 24) = 0 [pid 2124] chdir("./59") = 0 [pid 2124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2124] setpgid(0, 0) = 0 [pid 2124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2124] write(3, "1000", 4./strace-static-x86_64: Process 2127 attached ./strace-static-x86_64: Process 2126 attached ./strace-static-x86_64: Process 2125 attached [pid 2108] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2105] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2126] set_robust_list(0x7f0aecccf9a0, 24 [pid 2125] set_robust_list(0x7f0aeccae9a0, 24 [pid 2123] <... futex resumed>) = ? [pid 2126] <... set_robust_list resumed>) = 0 [pid 2125] <... set_robust_list resumed>) = 0 [pid 2127] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2126] rt_sigprocmask(SIG_SETMASK, [], [pid 2125] rt_sigprocmask(SIG_SETMASK, [], [pid 2127] rt_sigprocmask(SIG_SETMASK, [], [pid 2126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2126] memfd_create("syzkaller", 0 [pid 2125] write(4, "#! \n", 4 [pid 2124] <... write resumed>) = 4 [pid 2127] write(4, "#! \n", 4 [pid 2126] <... memfd_create resumed>) = 3 [pid 2125] <... write resumed>) = 4 [pid 2124] close(3 [pid 2126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2125] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2127] <... write resumed>) = 4 [pid 2126] <... mmap resumed>) = 0x7f0ae48af000 [pid 2127] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2125] <... futex resumed>) = 1 [pid 2103] <... futex resumed>) = 0 [pid 2125] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] <... close resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2124] symlink("/dev/binderfs", "./binderfs" [pid 2112] <... futex resumed>) = 0 [pid 2103] <... futex resumed>) = 1 [pid 2127] <... futex resumed>) = 1 [pid 2124] <... symlink resumed>) = 0 [pid 2112] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2104] <... futex resumed>) = 0 [pid 2103] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2127] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] write(1, "executing program\n", 18 [pid 2112] <... mmap resumed>) = 0x200000000000 [pid 2104] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 2124] <... write resumed>) = 18 [pid 2112] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2111] <... futex resumed>) = 0 [pid 2104] <... futex resumed>) = 1 [pid 2124] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2112] <... futex resumed>) = 1 [pid 2111] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2104] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] <... futex resumed>) = 0 [pid 2126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2124] <... futex resumed>) = 0 [pid 2112] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2111] <... mmap resumed>) = 0x200000000000 [pid 2103] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2124] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2111] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] <... futex resumed>) = 0 [pid 2124] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2111] <... futex resumed>) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2111] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2104] <... futex resumed>) = 0 [pid 2112] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2125] <... futex resumed>) = ? [pid 2124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2124] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2128]}, 88) = 2128 [pid 2124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2108] +++ killed by SIGBUS +++ [pid 2125] +++ killed by SIGBUS +++ [pid 2112] +++ killed by SIGBUS +++ [pid 2103] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2103, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2126] <... write resumed>) = 524288 [pid 2126] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2126] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2126] ioctl(4, LOOP_SET_FD, 3 [pid 2104] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2128 attached [pid 2128] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2128] memfd_create("syzkaller", 0) = 3 [pid 2128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 51.062365][ T2108] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.083933][ T2112] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2123] +++ killed by SIGBUS +++ [pid 2111] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2105] +++ killed by SIGBUS +++ [pid 2128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2126] <... ioctl resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2105, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2127] <... futex resumed>) = ? [pid 2104] <... futex resumed>) = ? [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2126] close(3) = 0 [pid 2126] close(4) = 0 [pid 2126] mkdir("./file2", 0777) = 0 [pid 2126] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2127] +++ killed by SIGBUS +++ [pid 2111] +++ killed by SIGBUS +++ [pid 2104] +++ killed by SIGBUS +++ [pid 2128] <... write resumed>) = 524288 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2104, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2128] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 290] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 290] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] newfstatat(3, "", [pid 290] <... openat resumed>) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] newfstatat(3, "", [pid 287] getdents64(3, [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2128] <... openat resumed>) = 4 [pid 2128] ioctl(4, LOOP_SET_FD, 3 [pid 291] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./60/file2") = 0 [pid 291] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./60/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./60") = 0 [pid 291] mkdir("./61", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2126] <... mount resumed>) = 0 [pid 2126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2126] chdir("./file2") = 0 [ 51.085043][ T2111] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2126] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 2128] <... ioctl resumed>) = 0 [pid 2126] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./60/file2") = 0 [pid 290] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./60/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./60") = 0 [pid 290] mkdir("./61", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2134 ./strace-static-x86_64: Process 2134 attached [pid 2134] set_robust_list(0x555594a056a0, 24) = 0 [pid 2134] chdir("./61") = 0 [pid 2134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2134] setpgid(0, 0) = 0 [pid 2134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2134] write(3, "1000", 4) = 4 [pid 2134] close(3) = 0 [pid 2134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2134] write(1, "executing program\n", 18) = 18 [pid 2134] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2128] close(3 [pid 291] close(3 [pid 2134] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2134] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] <... close resumed>) = 0 [pid 2128] <... close resumed>) = 0 [pid 2134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2135]}, 88) = 2135 [pid 2134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2134] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2135 attached [pid 2135] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2135] memfd_create("syzkaller", 0) = 3 [pid 2135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2128] close(4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2128] <... close resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2136 [pid 2128] mkdir("./file2", 0777) = 0 [pid 2128] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2126] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2136 attached ) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2126] <... ioctl resumed>) = 0 [pid 2135] <... write resumed>) = 524288 [pid 287] <... openat resumed>) = 4 [pid 2136] set_robust_list(0x555594a056a0, 24) = 0 [pid 2136] chdir("./61" [pid 287] newfstatat(4, "", [pid 2136] <... chdir resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2136] setpgid(0, 0) = 0 [pid 2136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2136] write(3, "1000", 4) = 4 [pid 2136] close(3) = 0 [pid 2136] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2136] write(1, "executing program\n", 18 [pid 2126] close(4 [pid 287] getdents64(4, [pid 2136] <... write resumed>) = 18 [pid 2136] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2136] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2136] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2136] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2126] <... close resumed>) = 0 [pid 2135] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2136] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2135] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2135] ioctl(4, LOOP_SET_FD, 3 [pid 2136] <... clone3 resumed> => {parent_tid=[2137]}, 88) = 2137 [pid 2136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2136] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2126] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 2136] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2126] <... futex resumed>) = 1 [pid 2118] <... futex resumed>) = 0 [pid 2118] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2126] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2118] <... futex resumed>) = 0 [pid 287] close(4 [pid 2118] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./62/file2") = 0 [pid 287] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2126] <... openat resumed>) = 4 [pid 287] newfstatat(AT_FDCWD, "./62/binderfs", [pid 2126] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./62/binderfs" [pid 2118] <... futex resumed>) = 0 [pid 2126] <... futex resumed>) = 1 [pid 2118] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2118] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... unlink resumed>) = 0 [pid 2126] write(4, "#! \n", 4 [pid 2118] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] getdents64(3, [pid 2118] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2126] <... write resumed>) = 4 [pid 2118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2126] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] close(3) = 0 [pid 2118] <... clone3 resumed> => {parent_tid=[2140]}, 88) = 2140 [pid 2126] <... futex resumed>) = 0 [pid 2118] rt_sigprocmask(SIG_SETMASK, [], [pid 287] rmdir("./62" [pid 2118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2126] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2118] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 2118] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] mkdir("./63", 0777./strace-static-x86_64: Process 2137 attached [pid 2137] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2137] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... mkdir resumed>) = 0 [pid 2137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2137] memfd_create("syzkaller", 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2137] <... memfd_create resumed>) = 3 [pid 2137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2140 attached [pid 2135] <... ioctl resumed>) = 0 [pid 2135] close(3) = 0 [pid 2135] close(4 [pid 2128] <... mount resumed>) = 0 [pid 2128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2128] chdir("./file2") = 0 [pid 2128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2140] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2140] write(4, "#! \n", 4) = 4 [pid 2140] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2118] <... futex resumed>) = 0 [pid 2140] <... futex resumed>) = 1 [pid 2118] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2126] <... futex resumed>) = 0 [pid 2118] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2126] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2126] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2126] <... futex resumed>) = 1 [pid 2118] <... futex resumed>) = 0 [pid 2126] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2118] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2118] <... futex resumed>) = 0 [pid 2118] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2137] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2137] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2126] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2118] <... futex resumed>) = ? [pid 2140] <... futex resumed>) = ? [pid 2140] +++ killed by SIGBUS +++ [pid 2126] +++ killed by SIGBUS +++ [pid 2118] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2118, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2137] <... openat resumed>) = 4 [pid 2135] <... close resumed>) = 0 [pid 2128] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 2135] mkdir("./file2", 0777 [pid 2128] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2137] ioctl(4, LOOP_SET_FD, 3 [pid 2135] <... mkdir resumed>) = 0 [pid 2128] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2135] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2128] close(4 [pid 287] close(3 [pid 2128] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2128] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... restart_syscall resumed>) = 0 [pid 2124] <... futex resumed>) = 0 [pid 2128] <... openat resumed>) = 4 [pid 2124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2142 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2128] <... futex resumed>) = 1 [pid 2124] <... futex resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2128] write(4, "#! \n", 4 [pid 2124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] newfstatat(3, "", [pid 2128] <... write resumed>) = 4 [pid 2124] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2124] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2128] <... futex resumed>) = 0 [pid 2124] <... futex resumed>) = 0 [pid 288] getdents64(3, [pid 2128] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2124] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 288] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2144]}, 88) = 2144 [pid 2124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2124] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2142 attached [pid 2142] set_robust_list(0x555594a056a0, 24) = 0 [pid 2142] chdir("./63") = 0 [pid 2142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2142] setpgid(0, 0) = 0 [pid 2142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 2144 attached [pid 2144] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2144] write(4, "#! \n", 4 [pid 2142] write(3, "1000", 4 [pid 2144] <... write resumed>) = 4 [pid 2142] <... write resumed>) = 4 [pid 2142] close(3) = 0 [pid 2144] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2128] <... futex resumed>) = 0 [pid 2124] <... futex resumed>) = 1 [pid 2128] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2128] <... mmap resumed>) = 0x200000000000 [pid 2128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2144] <... futex resumed>) = 1 [pid 2142] write(1, "executing program\n", 18 [pid 2124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 2144] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2142] <... write resumed>) = 18 [pid 2142] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2142] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2142] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2145]}, 88) = 2145 [pid 2142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2142] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2142] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2145 attached [pid 2145] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2145] memfd_create("syzkaller", 0) = 3 [pid 2145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2145] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2128] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2144] <... futex resumed>) = ? [pid 2124] <... futex resumed>) = ? [pid 2135] <... mount resumed>) = 0 [pid 2144] +++ killed by SIGBUS +++ [pid 2128] +++ killed by SIGBUS +++ [pid 2124] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2124, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2135] chdir("./file2" [pid 289] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2135] <... chdir resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2135] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./58/file2") = 0 [pid 288] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./58/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./58" [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... rmdir resumed>) = 0 [pid 289] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] mkdir("./59", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2137] <... ioctl resumed>) = 0 [pid 2145] <... openat resumed>) = 4 [pid 2137] close(3 [pid 2135] <... openat resumed>) = 4 [pid 2145] ioctl(4, LOOP_SET_FD, 3 [pid 2137] <... close resumed>) = 0 [pid 2135] ioctl(4, LOOP_CLR_FD [ 51.207622][ T2126] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.241241][ T2128] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2137] close(4 [pid 289] <... umount2 resumed>) = 0 [pid 2135] <... ioctl resumed>) = 0 [pid 2135] close(4 [pid 289] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./59/file2") = 0 [pid 289] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./59/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./59") = 0 [pid 289] mkdir("./60", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2137] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2137] mkdir("./file2", 0777) = 0 [pid 2145] <... ioctl resumed>) = 0 [pid 2137] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2135] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2145] close(3 [pid 2135] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2145] <... close resumed>) = 0 [pid 2135] <... futex resumed>) = 1 [pid 2134] <... futex resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 2145] close(4 [pid 2135] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 2135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2134] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2135] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2134] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2149 attached [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2149 [pid 2149] set_robust_list(0x555594a056a0, 24 [pid 2135] <... openat resumed>) = 4 [pid 2149] <... set_robust_list resumed>) = 0 [pid 2135] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] chdir("./59" [pid 2135] <... futex resumed>) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2135] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... chdir resumed>) = 0 [pid 2135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2134] <... futex resumed>) = 0 [pid 2135] write(4, "#! \n", 4 [pid 2134] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2135] <... write resumed>) = 4 [pid 2149] <... prctl resumed>) = 0 [pid 2134] <... futex resumed>) = 0 [pid 2149] setpgid(0, 0 [pid 2135] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2149] <... setpgid resumed>) = 0 [pid 2135] <... futex resumed>) = 0 [pid 2134] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2135] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2149] <... openat resumed>) = 3 [pid 2134] <... mprotect resumed>) = 0 [pid 2149] write(3, "1000", 4 [pid 2134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2149] <... write resumed>) = 4 [pid 2134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2149] close(3) = 0 [pid 2149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2134] <... clone3 resumed> => {parent_tid=[2150]}, 88) = 2150 [pid 2149] write(1, "executing program\n", 18 [pid 2134] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 2149] <... write resumed>) = 18 [pid 2134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2149] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2134] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = 0 [pid 2134] <... futex resumed>) = 0 [pid 2149] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2134] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2149] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 2150 attached [pid 2149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2150] set_robust_list(0x7f0aeccae9a0, 24 [pid 2149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2150] <... set_robust_list resumed>) = 0 [pid 2150] rt_sigprocmask(SIG_SETMASK, [], [pid 2149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2150] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 2151 attached [pid 2149] <... clone3 resumed> => {parent_tid=[2151]}, 88) = 2151 [pid 2150] write(4, "#! \n", 4 [pid 2149] rt_sigprocmask(SIG_SETMASK, [], [pid 2151] set_robust_list(0x7f0aecccf9a0, 24 [pid 2149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2150] <... write resumed>) = 4 [pid 2149] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] <... set_robust_list resumed>) = 0 [pid 2150] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] <... futex resumed>) = 0 [pid 2151] rt_sigprocmask(SIG_SETMASK, [], [pid 2149] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2150] <... futex resumed>) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2135] <... futex resumed>) = 0 [pid 2134] <... futex resumed>) = 1 [pid 2135] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2134] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2135] <... mmap resumed>) = 0x200000000000 [pid 2135] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2135] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2134] <... futex resumed>) = 0 [pid 2151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2151] memfd_create("syzkaller", 0) = 3 [pid 2151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2151] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2151] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2134] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2150] <... futex resumed>) = ? [pid 2134] <... futex resumed>) = ? [pid 2150] +++ killed by SIGBUS +++ [pid 2135] +++ killed by SIGBUS +++ [pid 2134] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2145] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2151] <... openat resumed>) = 4 [pid 2151] ioctl(4, LOOP_SET_FD, 3 [pid 2145] mkdir("./file2", 0777) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 2145] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2151] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 2153 attached [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2153 [pid 2153] set_robust_list(0x555594a056a0, 24) = 0 [pid 2153] chdir("./60") = 0 [pid 2153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2153] setpgid(0, 0) = 0 [pid 2153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2153] write(3, "1000", 4) = 4 [pid 2153] close(3) = 0 [pid 2153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2153] write(1, "executing program\n", 18) = 18 [pid 2153] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2153] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2154]}, 88) = 2154 [pid 2153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2154 attached [pid 2154] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2154] memfd_create("syzkaller", 0) = 3 [pid 2154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2151] close(3) = 0 [pid 2151] close(4 [pid 2137] <... mount resumed>) = 0 [pid 2154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2137] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2137] chdir("./file2") = 0 [pid 2137] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2145] <... mount resumed>) = 0 [pid 2145] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2145] chdir("./file2") = 0 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2154] <... write resumed>) = 524288 [pid 2154] munmap(0x7f0ae48af000, 138412032) = 0 [ 51.342949][ T2135] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2154] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./61/file2") = 0 [pid 290] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./61/binderfs", [pid 2145] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./61/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./61") = 0 [pid 290] mkdir("./62", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2145] ioctl(4, LOOP_CLR_FD) = 0 [pid 2145] close(4) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2159 [pid 2145] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2142] <... futex resumed>) = 0 [pid 2145] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2142] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2142] <... futex resumed>) = 0 [pid 2145] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2142] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2154] <... openat resumed>) = 4 [pid 2145] <... openat resumed>) = 4 [pid 2137] <... openat resumed>) = 4 [pid 2154] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2159 attached [pid 2159] set_robust_list(0x555594a056a0, 24) = 0 [pid 2159] chdir("./62") = 0 [pid 2159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2145] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] ioctl(4, LOOP_CLR_FD [pid 2151] <... close resumed>) = 0 [pid 2145] <... futex resumed>) = 1 [pid 2142] <... futex resumed>) = 0 [pid 2151] mkdir("./file2", 0777 [pid 2145] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2142] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2142] <... futex resumed>) = 0 [pid 2145] write(4, "#! \n", 4 [pid 2142] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... write resumed>) = 4 [pid 2142] <... futex resumed>) = 0 [pid 2151] <... mkdir resumed>) = 0 [pid 2145] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2151] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2145] <... futex resumed>) = 0 [pid 2142] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2145] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2142] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2161]}, 88) = 2161 [pid 2142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2142] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2142] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2161 attached [pid 2159] setpgid(0, 0 [pid 2161] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2154] <... ioctl resumed>) = 0 [pid 2161] rt_sigprocmask(SIG_SETMASK, [], [pid 2159] <... setpgid resumed>) = 0 [pid 2154] close(3 [pid 2161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2161] write(4, "#! \n", 4) = 4 [pid 2161] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2142] <... futex resumed>) = 0 [pid 2142] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... futex resumed>) = 0 [pid 2142] <... futex resumed>) = 1 [pid 2145] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2142] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2154] <... close resumed>) = 0 [pid 2145] <... mmap resumed>) = 0x200000000000 [pid 2145] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2142] <... futex resumed>) = 0 [pid 2145] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2142] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2142] <... futex resumed>) = 0 [pid 2161] <... futex resumed>) = 1 [pid 2159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2154] close(4 [pid 2159] <... openat resumed>) = 3 [pid 2161] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] write(3, "1000", 4) = 4 [pid 2159] close(3) = 0 [pid 2159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2159] write(1, "executing program\n", 18executing program ) = 18 [pid 2159] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2159] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2162]}, 88) = 2162 [pid 2159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2159] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2162 attached [pid 2162] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2162] memfd_create("syzkaller", 0) = 3 [pid 2162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2162] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2162] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2142] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2161] <... futex resumed>) = 230 [pid 2142] <... futex resumed>) = ? [pid 2161] +++ killed by SIGBUS +++ [pid 2137] <... ioctl resumed>) = 0 [pid 2145] +++ killed by SIGBUS +++ [pid 2142] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2142, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2154] <... close resumed>) = 0 [pid 2154] mkdir("./file2", 0777) = 0 [pid 2154] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2137] close(4) = 0 [pid 2137] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2136] <... futex resumed>) = 0 [pid 2137] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2136] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2136] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2137] <... openat resumed>) = 4 [pid 2137] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2136] <... futex resumed>) = 0 [pid 2137] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2162] <... openat resumed>) = 4 [pid 2137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2136] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2162] ioctl(4, LOOP_SET_FD, 3 [pid 2137] write(4, "#! \n", 4 [pid 2136] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... write resumed>) = 4 [pid 2136] <... futex resumed>) = 0 [pid 2136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2137] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2136] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2137] <... futex resumed>) = 0 [pid 2136] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2137] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2136] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2162] <... ioctl resumed>) = 0 [pid 2151] <... mount resumed>) = 0 [pid 2136] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2162] close(3 [pid 2154] <... mount resumed>) = 0 [pid 2151] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2154] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2151] <... openat resumed>) = 3 [pid 2154] <... openat resumed>) = 3 [pid 2151] chdir("./file2" [pid 2162] <... close resumed>) = 0 [pid 2136] <... clone3 resumed> => {parent_tid=[2168]}, 88) = 2168 [pid 2162] close(4 [pid 2154] chdir("./file2" [pid 2151] <... chdir resumed>) = 0 [pid 287] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2136] rt_sigprocmask(SIG_SETMASK, [], [pid 2154] <... chdir resumed>) = 0 [pid 2151] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2154] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2136] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] <... openat resumed>) = 3 [pid 2136] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] newfstatat(3, "", ./strace-static-x86_64: Process 2168 attached [pid 2168] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2168] write(4, "#! \n", 4) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2168] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2136] <... futex resumed>) = 0 [pid 2136] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... futex resumed>) = 0 [pid 2136] <... futex resumed>) = 1 [pid 2137] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2136] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2137] <... mmap resumed>) = 0x200000000000 [pid 287] getdents64(3, [pid 2137] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2136] <... futex resumed>) = 0 [pid 2137] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2136] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2136] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2168] <... futex resumed>) = 1 [pid 2136] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2168] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2137] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2136] <... futex resumed>) = ? [pid 2168] <... futex resumed>) = ? [pid 2168] +++ killed by SIGBUS +++ [pid 2137] +++ killed by SIGBUS +++ [pid 2136] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2136, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 51.422489][ T2145] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.453914][ T2137] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2162] <... close resumed>) = 0 [pid 2154] <... openat resumed>) = 4 [pid 2151] <... openat resumed>) = 4 [pid 2162] mkdir("./file2", 0777 [pid 2154] ioctl(4, LOOP_CLR_FD [pid 2151] ioctl(4, LOOP_CLR_FD [pid 2162] <... mkdir resumed>) = 0 [pid 2162] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2154] <... ioctl resumed>) = 0 [pid 2151] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2154] close(4 [pid 2151] close(4 [pid 291] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... umount2 resumed>) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./61/file2") = 0 [pid 291] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./61/binderfs", [pid 2154] <... close resumed>) = 0 [pid 2151] <... close resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] unlink("./61/binderfs" [pid 2154] <... futex resumed>) = 1 [pid 2153] <... futex resumed>) = 0 [pid 2151] <... futex resumed>) = 1 [pid 2149] <... futex resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 2154] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(3, [pid 287] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2153] <... futex resumed>) = 0 [pid 2151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2154] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2151] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2149] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] close(3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2151] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 2154] <... openat resumed>) = 4 [pid 2151] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./61" [pid 287] newfstatat(AT_FDCWD, "./63/file2", [pid 2154] <... futex resumed>) = 1 [pid 2153] <... futex resumed>) = 0 [pid 2151] <... futex resumed>) = 1 [pid 2149] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2154] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] mkdir("./62", 0777 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2153] <... futex resumed>) = 0 [pid 2151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 2154] write(4, "#! \n", 4 [pid 2153] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] write(4, "#! \n", 4 [pid 2149] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2154] <... write resumed>) = 4 [pid 2153] <... futex resumed>) = 0 [pid 2151] <... write resumed>) = 4 [pid 2149] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2151] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2154] <... futex resumed>) = 0 [pid 2153] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2151] <... futex resumed>) = 0 [pid 2149] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2154] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2151] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] close(3 [pid 2153] <... mprotect resumed>) = 0 [pid 2149] <... mprotect resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 2153] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] newfstatat(4, "", [pid 2153] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2170 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 2153] <... clone3 resumed> => {parent_tid=[2171]}, 88) = 2171 [pid 2149] <... clone3 resumed> => {parent_tid=[2172]}, 88) = 2172 [pid 2153] rt_sigprocmask(SIG_SETMASK, [], [pid 2149] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] getdents64(4, [pid 2153] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2153] <... futex resumed>) = 0 [pid 2149] <... futex resumed>) = 0 [pid 287] close(4 [pid 2153] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./63/file2"./strace-static-x86_64: Process 2170 attached [pid 2170] set_robust_list(0x555594a056a0, 24) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./63/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./63" [pid 2170] chdir("./62" [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./64", 0777 [pid 2170] <... chdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... openat resumed>) = 3 [pid 2170] <... prctl resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2170] setpgid(0, 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2162] <... mount resumed>) = 0 [pid 2170] <... setpgid resumed>) = 0 [pid 2162] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] close(3 [pid 2170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2162] <... openat resumed>) = 3 ./strace-static-x86_64: Process 2172 attached ./strace-static-x86_64: Process 2171 attached [pid 2170] <... openat resumed>) = 3 [pid 2162] chdir("./file2" [pid 287] <... close resumed>) = 0 [pid 2172] set_robust_list(0x7f0aeccae9a0, 24 [pid 2171] set_robust_list(0x7f0aeccae9a0, 24 [pid 2170] write(3, "1000", 4 [pid 2162] <... chdir resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2172] <... set_robust_list resumed>) = 0 [pid 2171] <... set_robust_list resumed>) = 0 [pid 2170] <... write resumed>) = 4 [pid 2162] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 2174 attached ) = 4 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2174 [pid 2162] ioctl(4, LOOP_CLR_FD) = 0 [pid 2174] set_robust_list(0x555594a056a0, 24 [pid 2162] close(4executing program [pid 2174] <... set_robust_list resumed>) = 0 [pid 2162] <... close resumed>) = 0 [pid 2174] chdir("./64" [pid 2162] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... chdir resumed>) = 0 [pid 2162] <... futex resumed>) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2162] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2159] <... futex resumed>) = 0 [pid 2174] setpgid(0, 0 [pid 2162] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2159] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2174] <... setpgid resumed>) = 0 [pid 2174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2174] write(3, "1000", 4) = 4 [pid 2174] close(3 [pid 2162] <... openat resumed>) = 4 [pid 2174] <... close resumed>) = 0 [pid 2162] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] symlink("/dev/binderfs", "./binderfs" [pid 2162] <... futex resumed>) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2174] <... symlink resumed>) = 0 [pid 2162] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2159] <... futex resumed>) = 0 [pid 2162] write(4, "#! \n", 4 [pid 2159] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] write(1, "executing program\n", 18 [pid 2162] <... write resumed>) = 4 [pid 2159] <... futex resumed>) = 0 [pid 2162] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2162] <... futex resumed>) = 0 [pid 2159] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2162] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2174] <... write resumed>) = 18 [pid 2159] <... mprotect resumed>) = 0 [pid 2174] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2174] <... futex resumed>) = 0 [pid 2159] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2174] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2174] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2159] <... clone3 resumed> => {parent_tid=[2175]}, 88) = 2175 [pid 2174] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2159] rt_sigprocmask(SIG_SETMASK, [], [pid 2174] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2174] <... mprotect resumed>) = 0 [pid 2159] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2159] <... futex resumed>) = 0 [pid 2174] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2170] close(3 [pid 2159] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2170] <... close resumed>) = 0 [pid 2174] <... clone3 resumed> => {parent_tid=[2176]}, 88) = 2176 [pid 2174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2174] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2175 attached [pid 2175] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2175] write(4, "#! \n", 4) = 4 [pid 2175] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2162] <... futex resumed>) = 0 [pid 2159] <... futex resumed>) = 1 [pid 2162] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2159] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2162] <... mmap resumed>) = 0x200000000000 [pid 2162] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2162] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2175] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2162] <... futex resumed>) = 0 [pid 2159] <... futex resumed>) = 1 [pid 2172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2172] write(4, "#! \n", 4) = 4 [pid 2172] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2172] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] <... futex resumed>) = 0 [pid 2149] <... futex resumed>) = 1 [pid 2151] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2149] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2151] <... mmap resumed>) = 0x200000000000 [pid 2151] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2151] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2176 attached [pid 2171] rt_sigprocmask(SIG_SETMASK, [], [pid 2170] symlink("/dev/binderfs", "./binderfs" [pid 2162] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2159] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] set_robust_list(0x7f0aecccf9a0, 24 [pid 2175] <... futex resumed>) = ? [pid 2171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2170] <... symlink resumed>) = 0 [pid 2176] <... set_robust_list resumed>) = 0 [pid 2175] +++ killed by SIGBUS +++ [pid 2171] write(4, "#! \n", 4 [pid 2170] write(1, "executing program\n", 18executing program [pid 2176] rt_sigprocmask(SIG_SETMASK, [], [pid 2171] <... write resumed>) = 4 [pid 2170] <... write resumed>) = 18 [pid 2162] +++ killed by SIGBUS +++ [pid 2159] +++ killed by SIGBUS +++ [pid 2176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2171] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2176] memfd_create("syzkaller", 0 [pid 2171] <... futex resumed>) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2153] <... futex resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2159, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2176] <... memfd_create resumed>) = 3 [pid 2171] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2170] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2170] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2154] <... futex resumed>) = 0 [pid 2153] <... futex resumed>) = 1 [pid 2151] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2149] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] <... mmap resumed>) = 0x7f0ae48af000 [pid 2172] <... futex resumed>) = ? [pid 2170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2154] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2149] <... futex resumed>) = ? [pid 2172] +++ killed by SIGBUS +++ [pid 2151] +++ killed by SIGBUS +++ [pid 2149] +++ killed by SIGBUS +++ [pid 2170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2170] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2170] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2170] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2154] <... mmap resumed>) = 0x200000000000 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2149, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2170] <... clone3 resumed> => {parent_tid=[2177]}, 88) = 2177 [pid 2154] <... futex resumed>) = 1 [pid 2153] <... futex resumed>) = 0 [pid 2170] rt_sigprocmask(SIG_SETMASK, [], [pid 2154] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2153] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2177 attached [pid 2176] <... write resumed>) = 524288 [pid 2170] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2177] set_robust_list(0x7f0aecccf9a0, 24 [pid 2176] munmap(0x7f0ae48af000, 138412032 [pid 2170] <... futex resumed>) = 0 [pid 2177] <... set_robust_list resumed>) = 0 [pid 2176] <... munmap resumed>) = 0 [pid 2170] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2177] rt_sigprocmask(SIG_SETMASK, [], [pid 2176] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2176] <... openat resumed>) = 4 [pid 2177] memfd_create("syzkaller", 0 [pid 2176] ioctl(4, LOOP_SET_FD, 3 [pid 2177] <... memfd_create resumed>) = 3 [pid 2177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2177] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2177] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] <... ioctl resumed>) = 0 [pid 2176] close(3) = 0 [pid 2176] close(4 [pid 290] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 290] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2154] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2177] <... openat resumed>) = 4 [pid 2176] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2177] ioctl(4, LOOP_SET_FD, 3 [pid 2153] <... futex resumed>) = ? [pid 2176] mkdir("./file2", 0777 [pid 2171] <... futex resumed>) = ? [pid 290] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2176] <... mkdir resumed>) = 0 [pid 2171] +++ killed by SIGBUS +++ [pid 290] <... openat resumed>) = 3 [pid 2176] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] newfstatat(3, "", [pid 288] <... openat resumed>) = 3 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(3, "", [pid 290] getdents64(3, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2154] +++ killed by SIGBUS +++ [pid 2153] +++ killed by SIGBUS +++ [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2153, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 51.655875][ T2162] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.656827][ T2151] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.689262][ T2154] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2177] <... ioctl resumed>) = 0 [pid 2177] close(3) = 0 [pid 2177] close(4 [pid 2176] <... mount resumed>) = 0 [pid 2176] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2176] chdir("./file2") = 0 [pid 2176] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2177] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 290] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./62/file2", [pid 289] newfstatat(AT_FDCWD, "./60/file2", [pid 288] newfstatat(AT_FDCWD, "./59/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 4 [pid 290] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 288] newfstatat(4, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4 [pid 289] close(4 [pid 288] close(4 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 290] rmdir("./62/file2" [pid 289] rmdir("./60/file2" [pid 288] rmdir("./59/file2" [pid 2177] mkdir("./file2", 0777 [pid 2176] <... openat resumed>) = 4 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 290] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./62/binderfs", [pid 289] newfstatat(AT_FDCWD, "./60/binderfs", [pid 288] newfstatat(AT_FDCWD, "./59/binderfs", [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./62/binderfs" [pid 289] unlink("./60/binderfs" [pid 288] unlink("./59/binderfs" [pid 2177] <... mkdir resumed>) = 0 [pid 2176] ioctl(4, LOOP_CLR_FD [pid 290] <... unlink resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 2177] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2176] <... ioctl resumed>) = 0 [pid 290] getdents64(3, [pid 289] getdents64(3, [pid 288] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2176] close(4 [pid 290] close(3 [pid 289] close(3 [pid 288] close(3 [pid 2176] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 290] rmdir("./62" [pid 289] rmdir("./60" [pid 288] rmdir("./59" [pid 290] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 290] mkdir("./63", 0777 [pid 289] mkdir("./61", 0777 [pid 288] mkdir("./60", 0777 [pid 290] <... mkdir resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 2176] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 2176] <... futex resumed>) = 1 [pid 2174] <... futex resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2176] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 289] close(3 [pid 288] close(3 [pid 2176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2174] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2176] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2174] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 2176] <... openat resumed>) = 4 [pid 2176] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2182 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2183 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2185 [pid 2176] <... futex resumed>) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2176] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2174] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2182 attached [pid 2182] set_robust_list(0x555594a056a0, 24 [pid 2176] write(4, "#! \n", 4 [pid 2174] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] <... set_robust_list resumed>) = 0 [pid 2176] <... write resumed>) = 4 [pid 2174] <... futex resumed>) = 0 [pid 2176] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2176] <... futex resumed>) = 0 [pid 2174] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2176] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2182] chdir("./63" [pid 2174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2182] <... chdir resumed>) = 0 [pid 2182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2174] <... clone3 resumed> => {parent_tid=[2186]}, 88) = 2186 [pid 2182] setpgid(0, 0 [pid 2174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2182] <... setpgid resumed>) = 0 [pid 2174] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2182] write(3, "1000", 4) = 4 [pid 2182] close(3) = 0 [pid 2182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2182] write(1, "executing program\n", 18) = 18 [pid 2182] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2182] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2182] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2187]}, 88) = 2187 [pid 2182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2182] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2182] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2187 attached [pid 2187] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2187] memfd_create("syzkaller", 0) = 3 [pid 2187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2186 attached [pid 2187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2186] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2186] write(4, "#! \n", 4) = 4 [pid 2186] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2186] <... futex resumed>) = 1 [pid 2174] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2186] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] <... futex resumed>) = 1 [pid 2176] <... futex resumed>) = 0 [pid 2174] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2187] <... write resumed>) = 524288 [pid 2187] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2176] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2187] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2176] <... mmap resumed>) = 0x200000000000 [pid 2187] ioctl(4, LOOP_SET_FD, 3 [pid 2176] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 ./strace-static-x86_64: Process 2183 attached [pid 2183] set_robust_list(0x555594a056a0, 24executing program executing program ) = 0 [pid 2174] <... futex resumed>) = 0 [pid 2176] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2174] <... futex resumed>) = 0 [pid 2183] chdir("./61") = 0 [pid 2183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2183] setpgid(0, 0) = 0 [pid 2183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2183] write(3, "1000", 4) = 4 [pid 2183] close(3) = 0 [pid 2183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2183] write(1, "executing program\n", 18) = 18 [pid 2183] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2183] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2190]}, 88) = 2190 [pid 2183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2183] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2183] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2190 attached [pid 2190] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2190] memfd_create("syzkaller", 0) = 3 [pid 2190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2190] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2190] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2185 attached [pid 2185] set_robust_list(0x555594a056a0, 24) = 0 [pid 2185] chdir("./60") = 0 [pid 2185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2185] setpgid(0, 0) = 0 [pid 2185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2185] write(3, "1000", 4) = 4 [pid 2185] close(3) = 0 [pid 2185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2185] write(1, "executing program\n", 18) = 18 [pid 2185] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2185] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2185] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2191]}, 88) = 2191 [pid 2185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2191 attached [pid 2191] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2191] memfd_create("syzkaller", 0) = 3 [pid 2191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2191] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2191] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2190] <... openat resumed>) = 4 [pid 2187] <... ioctl resumed>) = 0 [pid 2190] ioctl(4, LOOP_SET_FD, 3 [pid 2187] close(3) = 0 [pid 2187] close(4 [pid 2174] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2176] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2186] <... futex resumed>) = ? [pid 2174] <... futex resumed>) = ? [pid 2186] +++ killed by SIGBUS +++ [pid 2177] <... mount resumed>) = 0 [pid 2177] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2177] chdir("./file2") = 0 [pid 2177] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2190] <... ioctl resumed>) = 0 [pid 2191] <... openat resumed>) = 4 [pid 2191] ioctl(4, LOOP_SET_FD, 3 [pid 2190] close(3) = 0 [pid 2190] close(4 [pid 2176] +++ killed by SIGBUS +++ [pid 2174] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2174, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2191] <... ioctl resumed>) = 0 [pid 2187] <... close resumed>) = 0 [pid 2177] <... openat resumed>) = 4 [pid 2191] close(3 [pid 2187] mkdir("./file2", 0777 [pid 2177] ioctl(4, LOOP_CLR_FD [pid 2191] <... close resumed>) = 0 [pid 2191] close(4 [pid 2187] <... mkdir resumed>) = 0 [pid 2187] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 51.973275][ T2176] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2190] <... close resumed>) = 0 [pid 2177] <... ioctl resumed>) = 0 [pid 2177] close(4 [pid 2190] mkdir("./file2", 0777) = 0 [pid 2190] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2191] <... close resumed>) = 0 [pid 2191] mkdir("./file2", 0777) = 0 [pid 2191] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2177] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 2177] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2177] <... futex resumed>) = 1 [pid 2170] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2177] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2170] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./64/file2", [pid 2177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2170] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2177] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2170] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2177] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2177] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2177] <... futex resumed>) = 1 [pid 2170] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 2177] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2170] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(4, "", [pid 2177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2170] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2177] write(4, "#! \n", 4 [pid 2170] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 2177] <... write resumed>) = 4 [pid 2170] <... futex resumed>) = 0 [pid 2170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2177] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2177] <... futex resumed>) = 0 [pid 2170] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2191] <... mount resumed>) = 0 [pid 287] getdents64(4, [pid 2191] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2177] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2170] <... mprotect resumed>) = 0 [pid 2191] <... openat resumed>) = 3 [pid 2170] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2191] chdir("./file2" [pid 2170] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2191] <... chdir resumed>) = 0 [pid 2170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] close(4 [pid 2191] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2170] <... clone3 resumed> => {parent_tid=[2201]}, 88) = 2201 [pid 287] <... close resumed>) = 0 [pid 2191] ioctl(4, LOOP_CLR_FD [pid 2170] rt_sigprocmask(SIG_SETMASK, [], [pid 287] rmdir("./64/file2" [pid 2191] <... ioctl resumed>) = 0 [pid 2170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2191] close(4 [pid 2170] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2201 attached [pid 2191] <... close resumed>) = 0 [pid 2170] <... futex resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 2191] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] <... futex resumed>) = 1 [pid 2185] <... futex resumed>) = 0 [pid 287] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2191] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2185] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2191] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] <... openat resumed>) = 4 [pid 287] newfstatat(AT_FDCWD, "./64/binderfs", [pid 2191] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2185] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2191] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] unlink("./64/binderfs" [pid 2191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2190] <... mount resumed>) = 0 [pid 2187] <... mount resumed>) = 0 [pid 2185] <... futex resumed>) = 0 [pid 2191] write(4, "#! \n", 4 [pid 2190] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2187] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2185] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... unlink resumed>) = 0 [pid 2191] <... write resumed>) = 4 [pid 2190] <... openat resumed>) = 3 [pid 2187] <... openat resumed>) = 3 [pid 2185] <... futex resumed>) = 0 [pid 2191] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] chdir("./file2" [pid 2187] chdir("./file2" [pid 2185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] getdents64(3, [pid 2191] <... futex resumed>) = 0 [pid 2190] <... chdir resumed>) = 0 [pid 2187] <... chdir resumed>) = 0 [pid 2185] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2191] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2190] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2187] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2185] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2190] <... openat resumed>) = 4 [pid 2187] <... openat resumed>) = 4 [pid 2185] <... mprotect resumed>) = 0 [pid 2190] ioctl(4, LOOP_CLR_FD [pid 2187] ioctl(4, LOOP_CLR_FD [pid 2185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] close(3 [pid 2190] <... ioctl resumed>) = 0 [pid 2187] <... ioctl resumed>) = 0 [pid 2185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2190] close(4 [pid 2187] close(4 [pid 2185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... close resumed>) = 0 [pid 2201] set_robust_list(0x7f0aeccae9a0, 24 [pid 2190] <... close resumed>) = 0 [pid 2187] <... close resumed>) = 0 [pid 287] rmdir("./64" [pid 2201] <... set_robust_list resumed>) = 0 [pid 2190] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2185] <... clone3 resumed> => {parent_tid=[2202]}, 88) = 2202 [pid 2190] <... futex resumed>) = 1 [pid 2187] <... futex resumed>) = 1 [pid 2185] rt_sigprocmask(SIG_SETMASK, [], [pid 2183] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 0 [pid 2201] rt_sigprocmask(SIG_SETMASK, [], [pid 2190] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2183] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... rmdir resumed>) = 0 [pid 2190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2185] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 0 [pid 2201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] mkdir("./65", 0777 [pid 2201] write(4, "#! \n", 4 [pid 2190] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2187] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2185] <... futex resumed>) = 0 [pid 2183] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2202 attached [pid 2201] <... write resumed>) = 4 [pid 2190] <... openat resumed>) = 4 [pid 2187] <... openat resumed>) = 4 [pid 2185] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... mkdir resumed>) = 0 [pid 2201] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2201] <... futex resumed>) = 1 [pid 2190] <... futex resumed>) = 1 [pid 2187] <... futex resumed>) = 1 [pid 2183] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 0 [pid 2170] <... futex resumed>) = 0 [pid 2201] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2190] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2170] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... openat resumed>) = 3 [pid 2190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2183] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 0 [pid 2177] <... futex resumed>) = 0 [pid 2170] <... futex resumed>) = 1 [pid 2202] set_robust_list(0x7f0aeccae9a0, 24 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2202] <... set_robust_list resumed>) = 0 [pid 2190] write(4, "#! \n", 4 [pid 2187] write(4, "#! \n", 4 [pid 2183] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2177] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2170] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2190] <... write resumed>) = 4 [pid 2183] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 0 [pid 2187] <... write resumed>) = 4 [pid 2202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2177] <... mmap resumed>) = 0x200000000000 [pid 2183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] close(3 [pid 2190] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2177] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2182] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... close resumed>) = 0 [pid 2177] <... futex resumed>) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2190] <... futex resumed>) = 0 [pid 2187] <... futex resumed>) = 0 [pid 2183] <... mprotect resumed>) = 0 [pid 2182] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2170] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2202] write(4, "#! \n", 4) = 4 [pid 2202] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2185] <... futex resumed>) = 0 [pid 2202] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2191] <... futex resumed>) = 0 [pid 2185] <... futex resumed>) = 1 [pid 2191] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] <... mmap resumed>) = 0x200000000000 [pid 2191] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2185] <... futex resumed>) = 0 [pid 2191] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2185] <... futex resumed>) = 0 [pid 2190] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2182] <... mprotect resumed>) = 0 [pid 2170] <... futex resumed>) = 0 [pid 2183] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2182] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2170] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2203 [pid 2183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2182] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2183] <... clone3 resumed> => {parent_tid=[2204]}, 88) = 2204 [pid 2183] rt_sigprocmask(SIG_SETMASK, [], [pid 2182] <... clone3 resumed> => {parent_tid=[2205]}, 88) = 2205 [pid 2183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2182] rt_sigprocmask(SIG_SETMASK, [], [pid 2183] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2183] <... futex resumed>) = 0 [pid 2182] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] <... futex resumed>) = 0 [pid 2182] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2203 attached [pid 2203] set_robust_list(0x555594a056a0, 24) = 0 [pid 2203] chdir("./65") = 0 [pid 2203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2203] setpgid(0, 0) = 0 [pid 2203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2203] write(3, "1000", 4) = 4 [pid 2203] close(3) = 0 [pid 2203] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 2204 attached [pid 2204] set_robust_list(0x7f0aeccae9a0, 24./strace-static-x86_64: Process 2205 attached ) = 0 [pid 2185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- executing program [pid 2205] set_robust_list(0x7f0aeccae9a0, 24 [pid 2204] rt_sigprocmask(SIG_SETMASK, [], [pid 2203] write(1, "executing program\n", 18 [pid 2202] <... futex resumed>) = ? [pid 2185] <... futex resumed>) = ? [pid 2177] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2205] <... set_robust_list resumed>) = 0 [pid 2204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2203] <... write resumed>) = 18 [pid 2202] +++ killed by SIGBUS +++ [pid 2205] rt_sigprocmask(SIG_SETMASK, [], [pid 2204] write(4, "#! \n", 4 [pid 2203] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2201] <... futex resumed>) = ? [pid 2191] +++ killed by SIGBUS +++ [pid 2185] +++ killed by SIGBUS +++ [pid 2170] <... futex resumed>) = ? [pid 2205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2204] <... write resumed>) = 4 [pid 2203] <... futex resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2185, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2201] +++ killed by SIGBUS +++ [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2205] write(4, "#! \n", 4 [pid 2204] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2205] <... write resumed>) = 4 [pid 2204] <... futex resumed>) = 1 [pid 2203] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2183] <... futex resumed>) = 0 [pid 2205] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2204] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2183] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2205] <... futex resumed>) = 1 [pid 2203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2190] <... futex resumed>) = 0 [pid 2183] <... futex resumed>) = 1 [pid 2182] <... futex resumed>) = 0 [pid 2205] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2190] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2183] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2190] <... mmap resumed>) = 0x200000000000 [pid 2187] <... futex resumed>) = 0 [pid 2182] <... futex resumed>) = 1 [pid 288] <... restart_syscall resumed>) = 0 [pid 2190] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2187] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2182] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... futex resumed>) = 1 [pid 2187] <... mmap resumed>) = 0x200000000000 [pid 2190] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] <... futex resumed>) = 0 [pid 2187] <... futex resumed>) = 1 [pid 2183] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2182] <... futex resumed>) = 0 [pid 288] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2190] <... futex resumed>) = 0 [pid 2187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] <... futex resumed>) = 1 [pid 2182] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2203] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2206]}, 88) = 2206 [pid 2203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2203] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2203] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2177] +++ killed by SIGBUS +++ [pid 2170] +++ killed by SIGBUS +++ [pid 2187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2183] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2182] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2182] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2170, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 288] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... openat resumed>) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 52.188339][ T2177] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 52.189173][ T2191] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 52.220978][ T2190] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2206 attached [pid 2206] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2206] memfd_create("syzkaller", 0) = 3 [pid 2206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2206] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2206] ioctl(4, LOOP_SET_FD, 3 [pid 2190] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2204] <... futex resumed>) = ? [pid 2183] <... futex resumed>) = ? [pid 2204] +++ killed by SIGBUS +++ [pid 2190] +++ killed by SIGBUS +++ [pid 2183] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2183, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2206] <... ioctl resumed>) = 0 [pid 2187] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2206] close(3) = 0 [pid 2206] close(4) = 0 [pid 2206] mkdir("./file2", 0777) = 0 [pid 2206] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2182] <... futex resumed>) = ? [pid 2205] <... futex resumed>) = ? [pid 2205] +++ killed by SIGBUS +++ [pid 2187] +++ killed by SIGBUS +++ [pid 2182] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2182, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2206] <... mount resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 2206] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 290] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2206] chdir("./file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2206] <... chdir resumed>) = 0 [pid 2206] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 52.222178][ T2187] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./61/file2") = 0 [pid 289] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./61/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./61") = 0 [pid 289] mkdir("./62", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2210 ./strace-static-x86_64: Process 2210 attached [pid 2210] set_robust_list(0x555594a056a0, 24) = 0 [pid 2210] chdir("./62") = 0 [pid 2210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2210] setpgid(0, 0) = 0 [pid 2210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] <... umount2 resumed>) = 0 [pid 2210] <... openat resumed>) = 3 [pid 2210] write(3, "1000", 4) = 4 [pid 2210] close(3) = 0 [pid 2210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2210] write(1, "executing program\n", 18executing program ) = 18 [pid 2210] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2210] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 288] <... umount2 resumed>) = 0 [pid 2210] <... mprotect resumed>) = 0 [pid 2210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2211]}, 88) = 2211 [pid 2210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2210] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2206] <... openat resumed>) = 4 [pid 291] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2211 attached [pid 2211] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2211] memfd_create("syzkaller", 0) = 3 [pid 2211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2206] ioctl(4, LOOP_CLR_FD [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2206] <... ioctl resumed>) = 0 [pid 290] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(AT_FDCWD, "./60/file2", [pid 291] newfstatat(AT_FDCWD, "./62/file2", [pid 2206] close(4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2206] <... close resumed>) = 0 [pid 291] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./63/file2", [pid 288] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2206] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2206] <... futex resumed>) = 1 [pid 2203] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2206] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2203] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... openat resumed>) = 4 [pid 2206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2203] <... futex resumed>) = 0 [pid 291] newfstatat(4, "", [pid 290] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(4, "", [pid 2206] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2203] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2206] <... openat resumed>) = 4 [pid 291] getdents64(4, [pid 290] newfstatat(4, "", [pid 288] getdents64(4, [pid 2206] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2206] <... futex resumed>) = 1 [pid 2203] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 288] getdents64(4, [pid 2206] write(4, "#! \n", 4 [pid 2203] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2206] <... write resumed>) = 4 [pid 2203] <... futex resumed>) = 0 [pid 291] close(4 [pid 290] getdents64(4, [pid 288] close(4 [pid 2206] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2203] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... close resumed>) = 0 [pid 2206] <... futex resumed>) = 0 [pid 2203] <... futex resumed>) = 0 [pid 291] rmdir("./62/file2" [pid 290] close(4 [pid 288] rmdir("./60/file2" [pid 2206] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 2203] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] rmdir("./63/file2" [pid 288] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2203] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... rmdir resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2203] <... mprotect resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./62/binderfs", [pid 290] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(AT_FDCWD, "./60/binderfs", [pid 2211] <... write resumed>) = 524288 [pid 2203] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2203] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] unlink("./62/binderfs" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2211] munmap(0x7f0ae48af000, 138412032 [pid 291] <... unlink resumed>) = 0 [pid 291] getdents64(3, [pid 290] newfstatat(AT_FDCWD, "./63/binderfs", [pid 288] unlink("./60/binderfs" [pid 2203] <... clone3 resumed> => {parent_tid=[2212]}, 88) = 2212 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... unlink resumed>) = 0 [pid 2203] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(3 [pid 290] unlink("./63/binderfs" [pid 288] getdents64(3, [pid 2203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2203] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./62" [pid 290] <... unlink resumed>) = 0 [pid 288] close(3 [pid 2203] <... futex resumed>) = 0 [pid 2211] <... munmap resumed>) = 0 [pid 2211] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 291] <... rmdir resumed>) = 0 [pid 2203] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] mkdir("./63", 0777 [pid 290] getdents64(3, [pid 288] <... close resumed>) = 0 [pid 2211] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] rmdir("./60"./strace-static-x86_64: Process 2212 attached [pid 2211] <... ioctl resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] close(3 [pid 288] <... rmdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... close resumed>) = 0 [pid 288] mkdir("./61", 0777 [pid 2212] set_robust_list(0x7f0aeccae9a0, 24 [pid 2211] close(3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2212] <... set_robust_list resumed>) = 0 [pid 2212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2212] write(4, "#! \n", 4) = 4 [pid 2211] <... close resumed>) = 0 [pid 2211] close(4) = 0 [pid 2212] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] rmdir("./63" [pid 288] <... mkdir resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2203] <... futex resumed>) = 0 [pid 2203] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2206] <... futex resumed>) = 0 [pid 2203] <... futex resumed>) = 1 [pid 2206] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2203] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2206] <... mmap resumed>) = 0x200000000000 [pid 2206] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2203] <... futex resumed>) = 0 [pid 2206] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2203] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 291] close(3 [pid 2206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2203] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2212] <... futex resumed>) = 1 [pid 2211] mkdir("./file2", 0777 [pid 291] <... close resumed>) = 0 [pid 290] mkdir("./64", 0777 [pid 288] <... openat resumed>) = 3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... mkdir resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2214 [pid 290] <... openat resumed>) = 3 [pid 288] close(3 [pid 2212] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2211] <... mkdir resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2211] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] close(3) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2215 [pid 2203] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2216 [pid 2206] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2212] <... futex resumed>) = ? [pid 2203] <... futex resumed>) = ? ./strace-static-x86_64: Process 2214 attached [pid 2214] set_robust_list(0x555594a056a0, 24) = 0 [pid 2214] chdir("./63") = 0 [pid 2214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2214] setpgid(0, 0) = 0 [pid 2214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2214] write(3, "1000", 4) = 4 [pid 2214] close(3) = 0 [pid 2214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2214] write(1, "executing program\n", 18executing program ) = 18 [pid 2214] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2214] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2212] +++ killed by SIGBUS +++ [pid 2214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2206] +++ killed by SIGBUS +++ [pid 2203] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2203, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2219]}, 88) = 2219 [pid 2214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2219 attached [pid 2219] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2219] memfd_create("syzkaller", 0) = 3 [pid 2219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 2216 attached ./strace-static-x86_64: Process 2215 attached [pid 2216] set_robust_list(0x555594a056a0, 24) = 0 [pid 2215] set_robust_list(0x555594a056a0, 24 [pid 2211] <... mount resumed>) = 0 [pid 2211] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2211] chdir("./file2") = 0 [pid 2211] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2211] ioctl(4, LOOP_CLR_FD) = 0 [pid 2211] close(4) = 0 [pid 2211] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2210] <... futex resumed>) = 0 [pid 2210] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2211] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 2211] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2210] <... futex resumed>) = 0 [pid 2210] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2210] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2211] write(4, "#! \n", 4) = 4 [pid 2210] <... clone3 resumed> => {parent_tid=[2220]}, 88) = 2220 [pid 2211] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2210] rt_sigprocmask(SIG_SETMASK, [], [pid 2211] <... futex resumed>) = 0 [pid 2210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2211] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2210] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2220 attached [pid 2220] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2220] write(4, "#! \n", 4) = 4 [pid 2220] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2210] <... futex resumed>) = 0 [pid 2210] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2211] <... futex resumed>) = 0 [pid 2210] <... futex resumed>) = 1 [pid 2211] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2210] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2211] <... mmap resumed>) = 0x200000000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 2211] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2210] <... futex resumed>) = 0 [pid 2220] <... futex resumed>) = 1 [pid 2219] <... write resumed>) = 524288 [pid 2216] chdir("./64" [pid 2215] <... set_robust_list resumed>) = 0 [pid 2210] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2216] <... chdir resumed>) = 0 [pid 2216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2216] setpgid(0, 0) = 0 [pid 2216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2216] write(3, "1000", 4) = 4 [pid 2216] close(3) = 0 [pid 2216] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2216] write(1, "executing program\n", 18) = 18 [pid 2216] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2216] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2216] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2221]}, 88) = 2221 [pid 2216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2216] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2216] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2215] chdir("./61") = 0 [pid 2215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2215] setpgid(0, 0) = 0 [pid 2215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2215] write(3, "1000", 4) = 4 [pid 2215] close(3) = 0 [pid 2215] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2215] write(1, "executing program\n", 18) = 18 [pid 2215] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2215] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 52.479608][ T2206] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2215] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2220] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2215] <... clone3 resumed> => {parent_tid=[2222]}, 88) = 2222 [pid 2215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2219] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2219] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2219] ioctl(4, LOOP_SET_FD, 3 [pid 2211] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2210] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2222 attached ./strace-static-x86_64: Process 2221 attached [pid 287] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2219] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2219] close(3) = 0 [pid 2219] close(4 [pid 287] newfstatat(3, "", [pid 2219] <... close resumed>) = 0 [pid 2219] mkdir("./file2", 0777 [pid 2222] set_robust_list(0x7f0aecccf9a0, 24 [pid 2221] set_robust_list(0x7f0aecccf9a0, 24 [pid 2219] <... mkdir resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2219] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2222] <... set_robust_list resumed>) = 0 [pid 2221] <... set_robust_list resumed>) = 0 [pid 287] getdents64(3, [pid 2220] <... futex resumed>) = ? [pid 2210] <... futex resumed>) = ? [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2221] rt_sigprocmask(SIG_SETMASK, [], [pid 287] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2222] rt_sigprocmask(SIG_SETMASK, [], [pid 2221] memfd_create("syzkaller", 0 [pid 2220] +++ killed by SIGBUS +++ [pid 2222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2221] <... memfd_create resumed>) = 3 [pid 2211] +++ killed by SIGBUS +++ [pid 2210] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2210, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2222] memfd_create("syzkaller", 0) = 3 [pid 2222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2221] <... write resumed>) = 524288 [pid 2221] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2221] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2222] <... write resumed>) = 524288 [pid 2222] munmap(0x7f0ae48af000, 138412032 [pid 2219] <... mount resumed>) = 0 [pid 2222] <... munmap resumed>) = 0 [pid 2222] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2219] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2219] chdir("./file2") = 0 [pid 2219] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./65/file2") = 0 [pid 287] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./65/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./65") = 0 [pid 287] mkdir("./66", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2221] <... openat resumed>) = 4 [pid 2221] ioctl(4, LOOP_SET_FD, 3 [pid 2219] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2222] <... openat resumed>) = 4 [pid 2221] <... ioctl resumed>) = 0 [pid 2219] ioctl(4, LOOP_CLR_FD [pid 2221] close(3) = 0 [pid 2221] close(4 [pid 2222] ioctl(4, LOOP_SET_FD, 3 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 52.517076][ T2211] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./62/file2") = 0 [pid 289] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./62/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./62") = 0 [pid 289] mkdir("./63", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2221] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 2221] mkdir("./file2", 0777 [pid 2222] <... ioctl resumed>) = 0 [pid 2221] <... mkdir resumed>) = 0 [pid 2219] <... ioctl resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... close resumed>) = 0 [pid 2222] close(3 [pid 2221] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2219] close(4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2222] <... close resumed>) = 0 [pid 2219] <... close resumed>) = 0 [pid 2222] close(4 [pid 2219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2228 [pid 2219] <... futex resumed>) = 1 [pid 2219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 2228 attached [pid 2228] set_robust_list(0x555594a056a0, 24) = 0 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... futex resumed>) = 0 [pid 2214] <... futex resumed>) = 1 [pid 2219] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2228] chdir("./66" [pid 2219] <... openat resumed>) = 4 [pid 2219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2214] <... futex resumed>) = 0 [pid 2219] write(4, "#! \n", 4 [pid 2214] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] <... chdir resumed>) = 0 [pid 2219] <... write resumed>) = 4 [pid 2214] <... futex resumed>) = 0 [pid 2219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2219] <... futex resumed>) = 0 [pid 2214] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2214] <... mprotect resumed>) = 0 [pid 2228] setpgid(0, 0) = 0 [pid 2214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2229]}, 88) = 2229 [pid 2214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2214] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2229 attached ) = 0 [pid 2214] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] set_robust_list(0x7f0aeccae9a0, 24 [pid 2228] <... openat resumed>) = 3 [pid 2229] <... set_robust_list resumed>) = 0 [pid 2228] write(3, "1000", 4 [pid 2229] rt_sigprocmask(SIG_SETMASK, [], [pid 2228] <... write resumed>) = 4 [pid 2229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2228] close(3 [pid 2229] write(4, "#! \n", 4 [pid 2228] <... close resumed>) = 0 [pid 2228] symlink("/dev/binderfs", "./binderfs" [pid 2229] <... write resumed>) = 4 [pid 2229] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... futex resumed>) = 0 [pid 2214] <... futex resumed>) = 1 [pid 2219] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2219] <... mmap resumed>) = 0x200000000000 [pid 2219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 executing program [pid 2229] <... futex resumed>) = 1 [pid 2228] <... symlink resumed>) = 0 [pid 2214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] write(1, "executing program\n", 18) = 18 [pid 2228] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2228] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2230]}, 88) = 2230 [pid 2228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2229] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2230 attached [pid 2230] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2230] memfd_create("syzkaller", 0) = 3 [pid 2230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2230] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2230] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2219] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2229] <... futex resumed>) = ? [pid 2214] <... futex resumed>) = ? [pid 2229] +++ killed by SIGBUS +++ [pid 2219] +++ killed by SIGBUS +++ [pid 2214] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2214, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2222] <... close resumed>) = 0 [pid 2222] mkdir("./file2", 0777) = 0 [pid 2222] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2230] <... openat resumed>) = 4 [pid 2230] ioctl(4, LOOP_SET_FD, 3 [pid 289] close(3 [pid 2230] <... ioctl resumed>) = 0 [pid 2230] close(3) = 0 [pid 2230] close(4 [pid 2221] <... mount resumed>) = 0 [pid 2221] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2221] chdir("./file2") = 0 [ 52.620010][ T2219] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2221] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2234 ./strace-static-x86_64: Process 2234 attached [pid 2234] set_robust_list(0x555594a056a0, 24) = 0 [pid 2234] chdir("./63") = 0 [pid 2234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2234] setpgid(0, 0) = 0 [pid 2234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2234] write(3, "1000", 4) = 4 [pid 2234] close(3) = 0 [pid 2234] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2234] write(1, "executing program\n", 18) = 18 [pid 2234] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2234] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2235 attached => {parent_tid=[2235]}, 88) = 2235 [pid 2235] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2234] rt_sigprocmask(SIG_SETMASK, [], [pid 2235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2235] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2234] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2235] <... futex resumed>) = 0 [pid 2235] memfd_create("syzkaller", 0 [pid 2234] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2235] <... memfd_create resumed>) = 3 [pid 2235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2235] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2235] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2222] <... mount resumed>) = 0 [pid 2222] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2222] chdir("./file2") = 0 [pid 2222] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2230] <... close resumed>) = 0 [pid 2222] <... openat resumed>) = 4 [pid 2221] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 2230] mkdir("./file2", 0777 [pid 2222] ioctl(4, LOOP_CLR_FD [pid 2221] ioctl(4, LOOP_CLR_FD [pid 291] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2235] <... openat resumed>) = 4 [pid 2222] <... ioctl resumed>) = 0 [pid 2221] <... ioctl resumed>) = 0 [pid 2235] ioctl(4, LOOP_SET_FD, 3 [pid 2222] close(4 [pid 2221] close(4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2230] <... mkdir resumed>) = 0 [pid 2222] <... close resumed>) = 0 [pid 2221] <... close resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./63/file2", [pid 2230] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2222] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2222] <... futex resumed>) = 1 [pid 2221] <... futex resumed>) = 1 [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 291] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2222] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2221] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 2222] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2221] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2216] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2235] <... ioctl resumed>) = 0 [pid 2222] <... openat resumed>) = 4 [pid 2221] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 2235] close(3 [pid 2222] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 2235] <... close resumed>) = 0 [pid 2222] <... futex resumed>) = 1 [pid 2221] <... futex resumed>) = 1 [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2235] close(4 [pid 2222] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2221] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2222] write(4, "#! \n", 4 [pid 2221] write(4, "#! \n", 4 [pid 2216] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2222] <... write resumed>) = 4 [pid 2221] <... write resumed>) = 4 [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2222] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] close(4 [pid 2222] <... futex resumed>) = 0 [pid 2221] <... futex resumed>) = 0 [pid 2216] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2215] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... close resumed>) = 0 [pid 2222] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2221] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2215] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] rmdir("./63/file2" [pid 2216] <... mprotect resumed>) = 0 [pid 2215] <... mprotect resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2216] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2215] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2216] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2215] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2216] <... clone3 resumed> => {parent_tid=[2239]}, 88) = 2239 [pid 2215] <... clone3 resumed> => {parent_tid=[2240]}, 88) = 2240 [pid 291] unlink("./63/binderfs"./strace-static-x86_64: Process 2240 attached ./strace-static-x86_64: Process 2239 attached [pid 2216] rt_sigprocmask(SIG_SETMASK, [], [pid 2215] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... unlink resumed>) = 0 [pid 2216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] getdents64(3, [pid 2216] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 291] close(3 [pid 2216] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 2239] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] rmdir("./63" [pid 2240] set_robust_list(0x7f0aeccae9a0, 24 [pid 2239] <... set_robust_list resumed>) = 0 [pid 2240] <... set_robust_list resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./64", 0777 [pid 2240] rt_sigprocmask(SIG_SETMASK, [], [pid 2239] rt_sigprocmask(SIG_SETMASK, [], [pid 2240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2240] write(4, "#! \n", 4 [pid 2239] write(4, "#! \n", 4 [pid 2240] <... write resumed>) = 4 [pid 2239] <... write resumed>) = 4 [pid 2240] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2239] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] <... futex resumed>) = 0 [pid 2240] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2239] <... futex resumed>) = 1 [pid 2216] <... futex resumed>) = 0 [pid 2215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2239] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2222] <... futex resumed>) = 0 [pid 2221] <... futex resumed>) = 0 [pid 2216] <... futex resumed>) = 1 [pid 2215] <... futex resumed>) = 1 [pid 2230] <... mount resumed>) = 0 [pid 2222] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2221] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2216] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2222] <... mmap resumed>) = 0x200000000000 [pid 2221] <... mmap resumed>) = 0x200000000000 [pid 2230] <... openat resumed>) = 3 [pid 2222] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] chdir("./file2" [pid 2222] <... futex resumed>) = 1 [pid 2221] <... futex resumed>) = 1 [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 2230] <... chdir resumed>) = 0 [pid 2222] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2221] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2216] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2216] <... futex resumed>) = 0 [pid 2215] <... futex resumed>) = 0 [pid 2235] <... close resumed>) = 0 [pid 2222] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2235] mkdir("./file2", 0777 [pid 2215] <... futex resumed>) = ? [pid 2235] <... mkdir resumed>) = 0 [pid 2235] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2230] <... openat resumed>) = 4 [pid 2230] ioctl(4, LOOP_CLR_FD) = 0 [pid 2230] close(4) = 0 [pid 2230] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2230] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] <... futex resumed>) = 0 [pid 2230] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] <... openat resumed>) = 4 [pid 2230] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2230] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] <... futex resumed>) = 0 [pid 2230] write(4, "#! \n", 4 [pid 2228] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] <... write resumed>) = 4 [pid 2228] <... futex resumed>) = 0 [pid 2230] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2230] <... futex resumed>) = 0 [pid 2228] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2230] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2243]}, 88) = 2243 [pid 2228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2228] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2243 attached [pid 2240] <... futex resumed>) = ? [pid 2221] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2216] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 2243] set_robust_list(0x7f0aeccae9a0, 24 [pid 2240] +++ killed by SIGBUS +++ [pid 2239] <... futex resumed>) = ? [pid 2216] <... futex resumed>) = ? [pid 291] ioctl(3, LOOP_CLR_FD [pid 2243] <... set_robust_list resumed>) = 0 [pid 2239] +++ killed by SIGBUS +++ [pid 2222] +++ killed by SIGBUS +++ [pid 2215] +++ killed by SIGBUS +++ [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2243] rt_sigprocmask(SIG_SETMASK, [], [pid 2221] +++ killed by SIGBUS +++ [pid 2216] +++ killed by SIGBUS +++ [pid 291] close(3 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2215, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 2243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 2243] write(4, "#! \n", 4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2243] <... write resumed>) = 4 [pid 2243] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2243] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] <... futex resumed>) = 0 [pid 2228] <... futex resumed>) = 1 [pid 2230] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2230] <... mmap resumed>) = 0x200000000000 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2216, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2230] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2245 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2230] <... futex resumed>) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2230] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2245 attached [pid 2245] set_robust_list(0x555594a056a0, 24) = 0 [pid 2245] chdir("./64") = 0 [pid 2245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2245] setpgid(0, 0) = 0 [ 52.771737][ T2222] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 52.777433][ T2221] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2245] write(3, "1000", 4) = 4 [pid 2245] close(3executing program [pid 290] <... restart_syscall resumed>) = 0 [pid 2245] <... close resumed>) = 0 [pid 2245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2245] write(1, "executing program\n", 18 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2245] <... write resumed>) = 18 [pid 290] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2245] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2245] <... futex resumed>) = 0 [pid 290] newfstatat(3, "", [pid 288] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2245] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... openat resumed>) = 3 [pid 2245] <... rt_sigaction resumed>NULL, 8) = 0 [pid 290] getdents64(3, [pid 288] newfstatat(3, "", [pid 2245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 2245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2245] <... mmap resumed>) = 0x7f0aeccaf000 [pid 288] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2245] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2247]}, 88) = 2247 [pid 2245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2247 attached [pid 2230] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2247] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2243] <... futex resumed>) = ? [pid 2228] <... futex resumed>) = ? [pid 2247] rt_sigprocmask(SIG_SETMASK, [], [pid 2235] <... mount resumed>) = 0 [pid 2247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2235] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2247] memfd_create("syzkaller", 0 [pid 2235] <... openat resumed>) = 3 [pid 2235] chdir("./file2" [pid 2247] <... memfd_create resumed>) = 3 [pid 2243] +++ killed by SIGBUS +++ [pid 2235] <... chdir resumed>) = 0 [pid 2247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2235] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2247] <... mmap resumed>) = 0x7f0ae48af000 [pid 2230] +++ killed by SIGBUS +++ [pid 2228] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2228, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2247] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2247] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./61/file2") = 0 [pid 288] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./61/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./61") = 0 [pid 288] mkdir("./62", 0777) = 0 [ 52.814575][ T2230] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2235] <... openat resumed>) = 4 [pid 2235] ioctl(4, LOOP_CLR_FD) = 0 [pid 2235] close(4) = 0 [pid 2235] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2235] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2247] <... openat resumed>) = 4 [pid 2247] ioctl(4, LOOP_SET_FD, 3 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2247] <... ioctl resumed>) = 0 [pid 2235] <... futex resumed>) = 0 [pid 2247] close(3 [pid 2235] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2247] <... close resumed>) = 0 [pid 2247] close(4 [pid 2235] <... openat resumed>) = 4 [pid 2235] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] <... futex resumed>) = 0 [pid 2235] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2234] <... futex resumed>) = 0 [pid 2235] write(4, "#! \n", 4 [pid 2234] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... write resumed>) = 4 [pid 2234] <... futex resumed>) = 0 [pid 2235] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2235] <... futex resumed>) = 0 [pid 2234] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2235] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2249]}, 88) = 2249 [pid 2234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2234] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2234] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2249 attached [pid 2249] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2249] write(4, "#! \n", 4) = 4 [pid 2249] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2234] <... futex resumed>) = 0 [pid 2234] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... futex resumed>) = 0 [pid 2234] <... futex resumed>) = 1 [pid 2235] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2234] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2235] <... mmap resumed>) = 0x200000000000 [pid 2235] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2234] <... futex resumed>) = 0 [pid 2235] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2234] <... futex resumed>) = 0 [pid 2249] <... futex resumed>) = 1 [pid 2249] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2234] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2235] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2234] <... futex resumed>) = ? [pid 2249] <... futex resumed>) = ? [pid 2249] +++ killed by SIGBUS +++ [pid 2235] +++ killed by SIGBUS +++ [pid 2234] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2234, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2250 ./strace-static-x86_64: Process 2250 attached [pid 2250] set_robust_list(0x555594a056a0, 24 [pid 2247] <... close resumed>) = 0 [pid 2250] <... set_robust_list resumed>) = 0 [pid 2250] chdir("./62") = 0 [pid 2250] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2247] mkdir("./file2", 0777 [pid 287] <... umount2 resumed>) = 0 [ 52.892747][ T2235] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2250] <... prctl resumed>) = 0 [pid 2247] <... mkdir resumed>) = 0 [pid 2247] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2250] setpgid(0, 0 [pid 290] newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./66/file2", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2250] <... setpgid resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... openat resumed>) = 4 [pid 287] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(4, "", [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] getdents64(4, [pid 287] <... openat resumed>) = 4 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] newfstatat(4, "", [pid 290] getdents64(4, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] getdents64(4, [pid 290] close(4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... close resumed>) = 0 [pid 287] getdents64(4, [pid 2250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] rmdir("./64/file2" [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2250] <... openat resumed>) = 3 [pid 2250] write(3, "1000", 4 [pid 290] <... rmdir resumed>) = 0 [pid 287] close(4 [pid 290] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] <... close resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./64/binderfs", [pid 287] rmdir("./66/file2" [pid 2250] <... write resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2250] close(3) = 0 [pid 2250] symlink("/dev/binderfs", "./binderfs" [pid 290] unlink("./64/binderfs" [pid 287] <... rmdir resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] newfstatat(AT_FDCWD, "./66/binderfs", [pid 290] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... close resumed>) = 0 [pid 287] unlink("./66/binderfs" [pid 290] rmdir("./64" [pid 2250] <... symlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 2250] write(1, "executing program\n", 18executing program ) = 18 [pid 290] <... rmdir resumed>) = 0 [pid 287] getdents64(3, [pid 290] mkdir("./65", 0777 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2250] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 287] close(3 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... close resumed>) = 0 [pid 2250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 287] rmdir("./66" [pid 2250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2250] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2250] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... rmdir resumed>) = 0 [pid 2250] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] mkdir("./67", 0777 [pid 2250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2251]}, 88) = 2251 [pid 2250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 2250] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2250] <... futex resumed>) = 0 [pid 2250] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2251 attached [pid 2251] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2251] memfd_create("syzkaller", 0) = 3 [pid 2251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2251] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2251] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 3 [pid 289] newfstatat(AT_FDCWD, "./63/file2", [pid 287] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 287] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2253 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2252 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2251] <... openat resumed>) = 4 [pid 2251] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2252 attached [pid 2252] set_robust_list(0x555594a056a0, 24) = 0 [pid 2252] chdir("./65") = 0 [pid 2252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2252] setpgid(0, 0) = 0 [pid 2252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", [pid 2252] <... openat resumed>) = 3 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2252] write(3, "1000", 4 [pid 289] getdents64(4, [pid 2252] <... write resumed>) = 4 [pid 2252] close(3 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, executing program [pid 2252] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2252] symlink("/dev/binderfs", "./binderfs" [pid 289] close(4) = 0 [pid 289] rmdir("./63/file2" [pid 2252] <... symlink resumed>) = 0 [pid 2252] write(1, "executing program\n", 18) = 18 [pid 2252] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 289] <... rmdir resumed>) = 0 [pid 2252] <... rt_sigaction resumed>NULL, 8) = 0 [pid 289] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] newfstatat(AT_FDCWD, "./63/binderfs", [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2252] <... mmap resumed>) = 0x7f0aeccaf000 [pid 289] unlink("./63/binderfs" [pid 2252] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 2252] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... close resumed>) = 0 [pid 2252] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] rmdir("./63" [pid 2252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./64", 0777 [pid 2252] <... clone3 resumed> => {parent_tid=[2256]}, 88) = 2256 [pid 2252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2252] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2251] <... ioctl resumed>) = 0 [pid 2251] close(3) = 0 [pid 2251] close(4) = 0 [pid 2251] mkdir("./file2", 0777) = 0 [pid 2251] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2256 attached [pid 2256] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2256] memfd_create("syzkaller", 0) = 3 [pid 2256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2258 [pid 2256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2256] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2256] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2247] <... mount resumed>) = 0 [pid 2256] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2253 attached [pid 2253] set_robust_list(0x555594a056a0, 24) = 0 [pid 2247] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2247] chdir("./file2") = 0 [pid 2247] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2253] chdir("./67") = 0 [pid 2253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2253] setpgid(0, 0) = 0 [pid 2253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2253] write(3, "1000", 4./strace-static-x86_64: Process 2258 attached ) = 4 [pid 2253] close(3) = 0 [pid 2253] symlink("/dev/binderfs", "./binderfs" [pid 2258] set_robust_list(0x555594a056a0, 24) = 0 executing program [pid 2256] <... ioctl resumed>) = 0 [pid 2256] close(3) = 0 [pid 2256] close(4 [pid 2251] <... mount resumed>) = 0 [pid 2251] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2251] chdir("./file2") = 0 [pid 2251] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2253] <... symlink resumed>) = 0 [pid 2253] write(1, "executing program\n", 18) = 18 [pid 2253] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2253] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2253] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2258] chdir("./64" [pid 2253] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2258] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 2262 attached [pid 2258] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2253] <... clone3 resumed> => {parent_tid=[2262]}, 88) = 2262 [pid 2253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2253] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2258] <... prctl resumed>) = 0 [pid 2258] setpgid(0, 0) = 0 [pid 2258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2262] set_robust_list(0x7f0aecccf9a0, 24 [pid 2258] <... openat resumed>) = 3 [pid 2258] write(3, "1000", 4) = 4 [pid 2258] close(3) = 0 [pid 2258] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2258] write(1, "executing program\n", 18) = 18 [pid 2258] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2258] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2258] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2263]}, 88) = 2263 [pid 2258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2258] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2258] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2263 attached [pid 2263] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2263] memfd_create("syzkaller", 0) = 3 [pid 2263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2262] <... set_robust_list resumed>) = 0 [pid 2262] rt_sigprocmask(SIG_SETMASK, [], [pid 2263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2262] memfd_create("syzkaller", 0) = 3 [pid 2262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2263] <... write resumed>) = 524288 [pid 2263] munmap(0x7f0ae48af000, 138412032 [pid 2262] <... write resumed>) = 524288 [pid 2263] <... munmap resumed>) = 0 [pid 2262] munmap(0x7f0ae48af000, 138412032 [pid 2263] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2262] <... munmap resumed>) = 0 [pid 2262] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2256] <... close resumed>) = 0 [pid 2247] <... openat resumed>) = 4 [pid 2256] mkdir("./file2", 0777 [pid 2247] ioctl(4, LOOP_CLR_FD [pid 2256] <... mkdir resumed>) = 0 [pid 2256] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2251] <... openat resumed>) = 4 [pid 2251] ioctl(4, LOOP_CLR_FD) = 0 [pid 2251] close(4) = 0 [pid 2251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2251] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2250] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2250] <... futex resumed>) = 0 [pid 2251] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2250] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... openat resumed>) = 4 [pid 2251] <... openat resumed>) = 4 [pid 2262] <... openat resumed>) = 4 [pid 2256] <... mount resumed>) = 0 [pid 2247] <... ioctl resumed>) = 0 [pid 2263] ioctl(4, LOOP_SET_FD, 3 [pid 2262] ioctl(4, LOOP_SET_FD, 3 [pid 2256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] close(4 [pid 2263] <... ioctl resumed>) = 0 [pid 2256] <... openat resumed>) = 3 [pid 2251] <... futex resumed>) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2247] <... close resumed>) = 0 [pid 2251] write(4, "#! \n", 4 [pid 2250] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2251] <... write resumed>) = 4 [pid 2250] <... futex resumed>) = 0 [pid 2247] <... futex resumed>) = 1 [pid 2251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2250] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2251] <... futex resumed>) = 0 [pid 2250] <... futex resumed>) = 0 [pid 2251] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2250] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2250] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2256] chdir("./file2" [pid 2245] <... futex resumed>) = 0 [pid 2263] close(3 [pid 2250] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2268]}, 88) = 2268 [pid 2250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2250] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2250] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2256] <... chdir resumed>) = 0 [pid 2256] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2245] <... futex resumed>) = 1 [pid 2247] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... close resumed>) = 0 [pid 2263] close(4 [pid 2262] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 2268 attached [pid 2268] set_robust_list(0x7f0aeccae9a0, 24 [pid 2262] close(3 [pid 2268] <... set_robust_list resumed>) = 0 [pid 2268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2247] <... openat resumed>) = 4 [pid 2262] <... close resumed>) = 0 [pid 2268] write(4, "#! \n", 4) = 4 [pid 2268] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2250] <... futex resumed>) = 0 [pid 2250] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2251] <... futex resumed>) = 0 [pid 2250] <... futex resumed>) = 1 [pid 2251] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2250] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] close(4 [pid 2268] <... futex resumed>) = 1 [pid 2251] <... mmap resumed>) = 0x200000000000 [pid 2247] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2250] <... futex resumed>) = 0 [pid 2268] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2250] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 1 [pid 2245] <... futex resumed>) = 0 [pid 2247] write(4, "#! \n", 4 [pid 2245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... write resumed>) = 4 [pid 2245] <... futex resumed>) = 0 [pid 2247] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2245] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2245] <... futex resumed>) = 0 [pid 2247] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2245] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2269]}, 88) = 2269 [pid 2245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2245] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2245] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2269 attached [pid 2269] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2269] write(4, "#! \n", 4) = 4 [pid 2269] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2245] <... futex resumed>) = 0 [pid 2245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2245] <... futex resumed>) = 1 [pid 2247] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2247] <... mmap resumed>) = 0x200000000000 [pid 2247] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2245] <... futex resumed>) = 0 [pid 2269] <... futex resumed>) = 1 [pid 2251] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2250] <... futex resumed>) = 0 [pid 2245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2250] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 2269] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2245] <... futex resumed>) = 0 [pid 2245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] <... futex resumed>) = ? [pid 2268] +++ killed by SIGBUS +++ [pid 2251] +++ killed by SIGBUS +++ [pid 2250] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2250, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2247] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2269] <... futex resumed>) = ? [pid 2245] <... futex resumed>) = ? [pid 2269] +++ killed by SIGBUS +++ [pid 2247] +++ killed by SIGBUS +++ [pid 2245] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2245, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2263] <... close resumed>) = 0 [pid 2256] <... openat resumed>) = 4 [pid 2263] mkdir("./file2", 0777 [pid 2256] ioctl(4, LOOP_CLR_FD [pid 2263] <... mkdir resumed>) = 0 [ 53.068228][ T2251] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.071789][ T2247] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2263] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2262] <... close resumed>) = 0 [pid 2262] mkdir("./file2", 0777) = 0 [pid 2262] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2256] <... ioctl resumed>) = 0 [pid 2256] close(4 [pid 2263] <... mount resumed>) = 0 [pid 2263] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2263] chdir("./file2") = 0 [pid 2263] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 2256] <... close resumed>) = 0 [pid 2263] <... openat resumed>) = 4 [pid 2256] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = 0 [pid 288] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2263] ioctl(4, LOOP_CLR_FD [pid 2256] <... futex resumed>) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2263] <... ioctl resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] close(4 [pid 2256] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2252] <... futex resumed>) = 0 [pid 2263] <... close resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2256] <... openat resumed>) = 4 [pid 2263] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2258] <... futex resumed>) = 0 [pid 2256] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2263] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2258] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2256] <... futex resumed>) = 1 [pid 2252] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./62/file2", [pid 2258] <... futex resumed>) = 0 [pid 2256] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./64/file2", [pid 2258] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2263] <... openat resumed>) = 4 [pid 2256] write(4, "#! \n", 4 [pid 2252] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2256] <... write resumed>) = 4 [pid 2252] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2263] <... futex resumed>) = 1 [pid 2258] <... futex resumed>) = 0 [pid 2256] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2252] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2258] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... openat resumed>) = 4 [pid 2252] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2258] <... futex resumed>) = 0 [pid 2256] <... futex resumed>) = 0 [pid 2252] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(4, "", [pid 2263] write(4, "#! \n", 4 [pid 2258] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2256] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] <... mprotect resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2263] <... write resumed>) = 4 [pid 2262] <... mount resumed>) = 0 [pid 2258] <... futex resumed>) = 0 [pid 2252] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] newfstatat(4, "", [pid 288] getdents64(4, [pid 2262] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2262] chdir("./file2") = 0 [pid 2262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2262] ioctl(4, LOOP_CLR_FD) = 0 [pid 2262] close(4) = 0 [pid 2262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2253] <... futex resumed>) = 0 [pid 2262] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2253] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] <... openat resumed>) = 4 [pid 2253] <... futex resumed>) = 0 [pid 2262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2253] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] <... futex resumed>) = 0 [pid 2253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2262] write(4, "#! \n", 4 [pid 2253] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] <... write resumed>) = 4 [pid 2253] <... futex resumed>) = 0 [pid 2262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2253] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] <... futex resumed>) = 0 [pid 2253] <... futex resumed>) = 0 [pid 2262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2253] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2275]}, 88) = 2275 [pid 2253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2253] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2252] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2263] <... futex resumed>) = 0 [pid 2258] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] getdents64(4, [pid 2263] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2258] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 2258] <... mprotect resumed>) = 0 [pid 2252] <... clone3 resumed> => {parent_tid=[2276]}, 88) = 2276 [pid 291] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2252] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 2258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] close(4 [pid 288] <... close resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... close resumed>) = 0 [pid 288] rmdir("./62/file2" [pid 2252] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2276 attached [pid 2276] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2276] write(4, "#! \n", 4 [pid 288] <... rmdir resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] <... clone3 resumed> => {parent_tid=[2277]}, 88) = 2277 [pid 291] rmdir("./64/file2" [pid 2276] <... write resumed>) = 4 [pid 2276] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2276] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] <... rmdir resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] rt_sigprocmask(SIG_SETMASK, [], [pid 288] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2252] <... futex resumed>) = 1 [pid 2256] <... futex resumed>) = 0 [pid 2252] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2277 attached ./strace-static-x86_64: Process 2275 attached [pid 2258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2256] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 291] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2258] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2256] <... mmap resumed>) = 0x200000000000 [pid 2258] <... futex resumed>) = 0 [pid 2256] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./62/binderfs", [pid 2275] set_robust_list(0x7f0aeccae9a0, 24 [pid 2277] set_robust_list(0x7f0aeccae9a0, 24 [pid 2258] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2275] <... set_robust_list resumed>) = 0 [pid 2256] <... futex resumed>) = 1 [pid 2252] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./64/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2277] <... set_robust_list resumed>) = 0 [pid 2275] rt_sigprocmask(SIG_SETMASK, [], [pid 2256] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./62/binderfs" [pid 2277] rt_sigprocmask(SIG_SETMASK, [], [pid 2275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2252] <... futex resumed>) = 0 [pid 291] unlink("./64/binderfs" [pid 288] <... unlink resumed>) = 0 [pid 2277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2277] write(4, "#! \n", 4) = 4 [pid 2277] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... futex resumed>) = 0 [pid 2258] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = 0 [pid 2258] <... futex resumed>) = 1 [pid 2263] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2258] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... mmap resumed>) = 0x200000000000 [pid 2263] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2258] <... futex resumed>) = 0 [pid 2263] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2258] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] <... futex resumed>) = 0 [pid 2277] <... futex resumed>) = 1 [pid 2275] write(4, "#! \n", 4 [pid 2256] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2252] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 2275] <... write resumed>) = 4 [pid 291] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2275] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 2275] <... futex resumed>) = 1 [pid 291] close(3 [pid 288] <... close resumed>) = 0 [pid 2275] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... close resumed>) = 0 [pid 288] rmdir("./62" [pid 291] rmdir("./64" [pid 288] <... rmdir resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 288] mkdir("./63", 0777 [pid 291] mkdir("./65", 0777 [pid 288] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... openat resumed>) = 3 [pid 291] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 291] close(3 [pid 288] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2278 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2279 [pid 2277] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] <... futex resumed>) = ? [pid 2258] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] <... futex resumed>) = 0 [pid 2253] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2253] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2262] <... futex resumed>) = 0 [pid 2276] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2278 attached [pid 2262] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2276] +++ killed by SIGBUS +++ [pid 2262] <... mmap resumed>) = 0x200000000000 [pid 2256] +++ killed by SIGBUS +++ [pid 2252] +++ killed by SIGBUS +++ [pid 2262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2279 attached [pid 2278] set_robust_list(0x555594a056a0, 24 [pid 2263] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2262] <... futex resumed>) = 1 [pid 2253] <... futex resumed>) = 0 [pid 2279] set_robust_list(0x555594a056a0, 24 [pid 2278] <... set_robust_list resumed>) = 0 [pid 2262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2253] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2277] <... futex resumed>) = ? [pid 2279] <... set_robust_list resumed>) = 0 [pid 2278] chdir("./63" [pid 2262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] <... futex resumed>) = ? [pid 2253] <... futex resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2252, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2279] chdir("./65") = 0 [pid 2279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2279] setpgid(0, 0) = 0 executing program executing program [pid 2279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2279] write(3, "1000", 4) = 4 [pid 2279] close(3) = 0 [pid 2279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2279] write(1, "executing program\n", 18) = 18 [pid 2279] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2279] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2279] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2280]}, 88) = 2280 [pid 2279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2280 attached [pid 2280] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2280] memfd_create("syzkaller", 0) = 3 [pid 2280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2280] <... write resumed>) = 524288 [pid 2280] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2280] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2280] ioctl(4, LOOP_SET_FD, 3 [pid 2278] <... chdir resumed>) = 0 [pid 2278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2278] setpgid(0, 0) = 0 [pid 2278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2278] write(3, "1000", 4) = 4 [pid 2278] close(3) = 0 [pid 2278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2278] write(1, "executing program\n", 18) = 18 [pid 2278] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2278] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2278] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2282]}, 88) = 2282 [pid 2278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2282 attached [pid 2282] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2282] memfd_create("syzkaller", 0) = 3 [pid 2282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2253] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2282] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2282] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2277] +++ killed by SIGBUS +++ [pid 2263] +++ killed by SIGBUS +++ [pid 2258] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2258, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2262] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2275] <... futex resumed>) = ? [pid 2282] <... openat resumed>) = 4 [pid 2280] <... ioctl resumed>) = 0 [pid 2253] <... futex resumed>) = ? [pid 2282] ioctl(4, LOOP_SET_FD, 3 [pid 2280] close(3 [pid 2275] +++ killed by SIGBUS +++ [pid 2280] <... close resumed>) = 0 [pid 2280] close(4 [pid 2282] <... ioctl resumed>) = 0 [pid 2282] close(3 [pid 2262] +++ killed by SIGBUS +++ [pid 2253] +++ killed by SIGBUS +++ [pid 2282] <... close resumed>) = 0 [pid 2282] close(4 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2253, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 289] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 53.258895][ T2256] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.264209][ T2263] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.291319][ T2262] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2280] <... close resumed>) = 0 [pid 2280] mkdir("./file2", 0777) = 0 [pid 2280] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2282] <... close resumed>) = 0 [pid 2282] mkdir("./file2", 0777) = 0 [pid 2282] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./65/file2", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./67/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./64/file2", [pid 290] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 4 [pid 289] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(4, "", [pid 289] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] newfstatat(4, "", [pid 287] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2280] <... mount resumed>) = 0 [pid 290] getdents64(4, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... openat resumed>) = 4 [pid 2280] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 287] newfstatat(4, "", [pid 2280] <... openat resumed>) = 3 [pid 290] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2280] chdir("./file2" [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 2280] <... chdir resumed>) = 0 [pid 290] close(4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2280] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... close resumed>) = 0 [pid 289] close(4 [pid 287] getdents64(4, [pid 2280] <... openat resumed>) = 4 [pid 290] rmdir("./65/file2" [pid 289] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2280] ioctl(4, LOOP_CLR_FD [pid 290] <... rmdir resumed>) = 0 [pid 289] rmdir("./64/file2" [pid 287] close(4 [pid 2280] <... ioctl resumed>) = 0 [pid 290] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... rmdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2280] close(4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] rmdir("./67/file2" [pid 2280] <... close resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./65/binderfs", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... rmdir resumed>) = 0 [pid 2280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./64/binderfs", [pid 287] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2282] <... mount resumed>) = 0 [pid 2280] <... futex resumed>) = 1 [pid 2279] <... futex resumed>) = 0 [pid 290] unlink("./65/binderfs" [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... unlink resumed>) = 0 [pid 289] unlink("./64/binderfs" [pid 287] newfstatat(AT_FDCWD, "./67/binderfs", [pid 2282] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(3, [pid 289] <... unlink resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] getdents64(3, [pid 287] unlink("./67/binderfs" [pid 290] close(3 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... unlink resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 287] getdents64(3, [pid 290] rmdir("./65" [pid 289] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] rmdir("./64" [pid 287] close(3 [pid 290] mkdir("./66", 0777 [pid 289] <... rmdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] mkdir("./65", 0777 [pid 287] rmdir("./67" [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... mkdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] mkdir("./68", 0777 [pid 2282] <... openat resumed>) = 3 [pid 2280] <... futex resumed>) = 0 [pid 2279] <... futex resumed>) = 1 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... openat resumed>) = 3 [pid 287] <... mkdir resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... openat resumed>) = 3 [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2282] chdir("./file2" [pid 2280] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] close(3 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2288 [pid 287] <... close resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2289 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2282] <... chdir resumed>) = 0 [pid 2280] <... openat resumed>) = 4 [pid 2282] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2290 [pid 2282] <... openat resumed>) = 4 [pid 2280] <... futex resumed>) = 1 [pid 2279] <... futex resumed>) = 0 [pid 2282] ioctl(4, LOOP_CLR_FD [pid 2280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2290 attached ./strace-static-x86_64: Process 2289 attached ./strace-static-x86_64: Process 2288 attached [pid 2282] <... ioctl resumed>) = 0 [pid 2280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2279] <... futex resumed>) = 0 [pid 2290] set_robust_list(0x555594a056a0, 24 [pid 2289] set_robust_list(0x555594a056a0, 24 [pid 2288] set_robust_list(0x555594a056a0, 24 [pid 2282] close(4 [pid 2280] write(4, "#! \n", 4 [pid 2279] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] <... set_robust_list resumed>) = 0 [pid 2289] <... set_robust_list resumed>) = 0 [pid 2288] <... set_robust_list resumed>) = 0 [pid 2282] <... close resumed>) = 0 [pid 2280] <... write resumed>) = 4 [pid 2279] <... futex resumed>) = 0 [pid 2290] chdir("./68" [pid 2289] chdir("./65" [pid 2288] chdir("./66" [pid 2282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2290] <... chdir resumed>) = 0 [pid 2289] <... chdir resumed>) = 0 [pid 2288] <... chdir resumed>) = 0 [pid 2282] <... futex resumed>) = 1 [pid 2280] <... futex resumed>) = 0 [pid 2279] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2278] <... futex resumed>) = 0 [pid 2290] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2288] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2279] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] <... prctl resumed>) = 0 [pid 2289] <... prctl resumed>) = 0 [pid 2288] <... prctl resumed>) = 0 [pid 2282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2279] <... mprotect resumed>) = 0 [pid 2278] <... futex resumed>) = 0 [pid 2290] setpgid(0, 0 [pid 2289] setpgid(0, 0 [pid 2288] setpgid(0, 0 [pid 2282] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2290] <... setpgid resumed>) = 0 [pid 2289] <... setpgid resumed>) = 0 [pid 2288] <... setpgid resumed>) = 0 [pid 2282] <... openat resumed>) = 4 [pid 2279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2290] <... openat resumed>) = 3 [pid 2282] <... futex resumed>) = 1 [pid 2278] <... futex resumed>) = 0 [pid 2282] write(4, "#! \n", 4 [pid 2288] <... openat resumed>) = 3 [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] <... openat resumed>) = 3 [pid 2282] <... write resumed>) = 4 [pid 2279] <... clone3 resumed> => {parent_tid=[2291]}, 88) = 2291 [pid 2288] write(3, "1000", 4 [pid 2278] <... futex resumed>) = 0 [pid 2290] write(3, "1000", 4./strace-static-x86_64: Process 2291 attached [pid 2291] set_robust_list(0x7f0aeccae9a0, 24 [pid 2290] <... write resumed>) = 4 [pid 2289] write(3, "1000", 4 [pid 2288] <... write resumed>) = 4 [pid 2282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2279] rt_sigprocmask(SIG_SETMASK, [], [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2291] <... set_robust_list resumed>) = 0 [pid 2290] close(3 [pid 2289] <... write resumed>) = 4 [pid 2288] close(3 [pid 2282] <... futex resumed>) = 0 [pid 2279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2278] <... futex resumed>) = 0 [pid 2291] rt_sigprocmask(SIG_SETMASK, [], [pid 2290] <... close resumed>) = 0 [pid 2289] close(3 [pid 2288] <... close resumed>) = 0 [pid 2282] write(4, "#! \n", 4 [pid 2279] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2290] symlink("/dev/binderfs", "./binderfs" [pid 2289] <... close resumed>) = 0 [pid 2288] symlink("/dev/binderfs", "./binderfs" [pid 2282] <... write resumed>) = 4 [pid 2279] <... futex resumed>) = 0 [pid 2291] write(4, "#! \n", 4 [pid 2290] <... symlink resumed>) = 0 [pid 2289] symlink("/dev/binderfs", "./binderfs" [pid 2288] <... symlink resumed>) = 0 [pid 2282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2279] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2291] <... write resumed>) = 4 [pid 2290] write(1, "executing program\n", 18executing program [pid 2289] <... symlink resumed>) = 0 executing program [pid 2288] write(1, "executing program\n", 18 [pid 2282] <... futex resumed>) = 1 [pid 2278] <... futex resumed>) = 0 [pid 2291] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 2290] <... write resumed>) = 18 [pid 2289] write(1, "executing program\n", 18 [pid 2288] <... write resumed>) = 18 [pid 2282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2291] <... futex resumed>) = 1 [pid 2290] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] <... write resumed>) = 18 [pid 2288] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2279] <... futex resumed>) = 0 [pid 2278] <... futex resumed>) = 0 [pid 2291] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] <... futex resumed>) = 0 [pid 2289] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] <... futex resumed>) = 0 [pid 2282] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2290] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2289] <... futex resumed>) = 0 [pid 2288] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2282] <... mmap resumed>) = 0x200000000000 [pid 2280] <... futex resumed>) = 0 [pid 2279] <... futex resumed>) = 1 [pid 2290] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2289] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2288] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2280] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2289] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2282] <... futex resumed>) = 1 [pid 2280] <... mmap resumed>) = 0x200000000000 [pid 2278] <... futex resumed>) = 0 [pid 2290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2280] <... futex resumed>) = 1 [pid 2279] <... futex resumed>) = 0 [pid 2278] <... futex resumed>) = 0 [pid 2290] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2288] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2289] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2288] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2279] <... futex resumed>) = 0 [pid 2290] <... mprotect resumed>) = 0 [pid 2289] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2288] <... mprotect resumed>) = 0 [pid 2282] +++ killed by SIGBUS +++ [pid 2278] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2278, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2292]}, 88) = 2292 [pid 2290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2290] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2290] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2289] <... mprotect resumed>) = 0 [pid 2289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2293]}, 88) = 2293 [pid 2289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2289] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2289] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2294]}, 88) = 2294 [pid 2288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2288] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2292 attached [pid 2292] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2292] memfd_create("syzkaller", 0) = 3 [pid 2292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2292] <... write resumed>) = 524288 [pid 2292] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2292] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2293 attached [pid 2293] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2293] memfd_create("syzkaller", 0) = 3 [pid 2293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 ./strace-static-x86_64: Process 2294 attached [pid 2294] set_robust_list(0x7f0aecccf9a0, 24 [pid 2280] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2294] <... set_robust_list resumed>) = 0 [pid 2293] munmap(0x7f0ae48af000, 138412032 [pid 2291] <... futex resumed>) = ? [pid 2279] <... futex resumed>) = ? [pid 2294] rt_sigprocmask(SIG_SETMASK, [], [pid 2292] <... ioctl resumed>) = 0 [pid 2292] close(3) = 0 [pid 2292] close(4 [pid 2294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2293] <... munmap resumed>) = 0 [pid 2294] memfd_create("syzkaller", 0 [pid 2291] +++ killed by SIGBUS +++ [pid 2294] <... memfd_create resumed>) = 3 [pid 2293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2280] +++ killed by SIGBUS +++ [pid 2279] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2279, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2294] munmap(0x7f0ae48af000, 138412032) = 0 [ 53.547511][ T2282] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.563888][ T2280] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2292] <... close resumed>) = 0 [pid 2292] mkdir("./file2", 0777) = 0 [pid 2292] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2293] <... openat resumed>) = 4 [pid 2293] ioctl(4, LOOP_SET_FD, 3 [pid 2292] <... mount resumed>) = 0 [pid 2292] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2292] chdir("./file2") = 0 [pid 2292] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2294] <... openat resumed>) = 4 [pid 2294] ioctl(4, LOOP_SET_FD, 3 [pid 2293] <... ioctl resumed>) = 0 [pid 2292] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 2293] close(3) = 0 [pid 2293] close(4) = 0 [pid 2293] mkdir("./file2", 0777) = 0 [pid 2292] ioctl(4, LOOP_CLR_FD [pid 2293] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 288] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./63/file2", [pid 291] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2294] <... ioctl resumed>) = 0 [pid 2292] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2294] close(3 [pid 2292] close(4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] newfstatat(AT_FDCWD, "./65/file2", [pid 2292] <... close resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2294] <... close resumed>) = 0 [pid 2292] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./63/file2") = 0 [pid 288] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./63/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./63") = 0 [pid 288] mkdir("./64", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2292] <... futex resumed>) = 1 [pid 291] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2290] <... futex resumed>) = 0 [pid 2294] close(4 [pid 2292] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2294] <... close resumed>) = 0 [pid 2292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2290] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2294] mkdir("./file2", 0777 [pid 2292] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2290] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 4 [pid 2294] <... mkdir resumed>) = 0 [pid 291] newfstatat(4, "", [pid 288] <... openat resumed>) = 3 [pid 2292] <... openat resumed>) = 4 [pid 2294] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2292] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] getdents64(4, [pid 2292] <... futex resumed>) = 1 [pid 2290] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2292] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2290] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2292] write(4, "#! \n", 4 [pid 2290] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(4 [pid 2292] <... write resumed>) = 4 [pid 2290] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 288] close(3 [pid 2290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2292] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./65/file2" [pid 2290] <... mmap resumed>) = 0x7f0aecc8e000 [pid 288] <... close resumed>) = 0 [pid 2292] <... futex resumed>) = 0 [pid 2290] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... rmdir resumed>) = 0 [pid 2292] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] <... mprotect resumed>) = 0 [pid 291] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2290] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2290] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] newfstatat(AT_FDCWD, "./65/binderfs", [pid 2290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./65/binderfs" [pid 2290] <... clone3 resumed> => {parent_tid=[2300]}, 88) = 2300 [pid 2290] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... unlink resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2301 [pid 2290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] getdents64(3, [pid 2290] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2290] <... futex resumed>) = 0 [pid 291] close(3 [pid 2290] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./65") = 0 [pid 291] mkdir("./66", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2300 attached [pid 2300] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2300] write(4, "#! \n", 4) = 4 [pid 2300] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2300] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2290] <... futex resumed>) = 1 [pid 2292] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 2301 attached [pid 2301] set_robust_list(0x555594a056a0, 24 [pid 2292] <... mmap resumed>) = 0x200000000000 [pid 2290] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2303 [pid 2292] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2292] <... futex resumed>) = 0 [pid 2290] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2301] <... set_robust_list resumed>) = 0 [pid 2301] chdir("./64") = 0 [pid 2301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2301] setpgid(0, 0) = 0 [pid 2301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2301] write(3, "1000", 4) = 4 [pid 2301] close(3) = 0 [pid 2301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2301] write(1, "executing program\n", 18executing program ) = 18 [pid 2301] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2301] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2301] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2304]}, 88) = 2304 [pid 2301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2301] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2301] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2304 attached [pid 2304] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2304] memfd_create("syzkaller", 0) = 3 [pid 2304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2290] <... futex resumed>) = 0 [pid 2290] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2304] <... write resumed>) = 524288 [pid 2304] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2304] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2304] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2303 attached [pid 2303] set_robust_list(0x555594a056a0, 24) = 0 [pid 2303] chdir("./66") = 0 [pid 2303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2303] setpgid(0, 0 [pid 2293] <... mount resumed>) = 0 [pid 2292] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2293] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2293] chdir("./file2") = 0 [pid 2293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2304] <... ioctl resumed>) = 0 [pid 2303] <... setpgid resumed>) = 0 [pid 2300] <... futex resumed>) = ? [pid 2293] <... openat resumed>) = 4 [pid 2290] <... futex resumed>) = ? [pid 2294] <... mount resumed>) = 0 [pid 2293] ioctl(4, LOOP_CLR_FD [pid 2304] close(3 [pid 2294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2293] <... ioctl resumed>) = 0 [pid 2304] <... close resumed>) = 0 [pid 2303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2294] <... openat resumed>) = 3 [pid 2293] close(4) = 0 [pid 2300] +++ killed by SIGBUS +++ [pid 2292] +++ killed by SIGBUS +++ [pid 2290] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2304] close(4) = 0 [pid 2304] mkdir("./file2", 0777) = 0 [pid 2304] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2303] <... openat resumed>) = 3 [pid 2303] write(3, "1000", 4) = 4 [pid 2303] close(3) = 0 [pid 2303] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2294] chdir("./file2" [pid 2293] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] write(1, "executing program\n", 18 [pid 2294] <... chdir resumed>) = 0 [pid 2293] <... futex resumed>) = 1 [pid 2289] <... futex resumed>) = 0 [pid 2294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2293] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2289] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] <... openat resumed>) = 4 [pid 2289] <... futex resumed>) = 0 [pid 2293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2289] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2294] ioctl(4, LOOP_CLR_FD [pid 2303] <... write resumed>) = 18 [pid 2293] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2294] <... ioctl resumed>) = 0 [pid 2303] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] close(4) = 0 [pid 2293] <... openat resumed>) = 4 [pid 2303] <... futex resumed>) = 0 [pid 2294] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] <... futex resumed>) = 1 [pid 2293] <... futex resumed>) = 1 [pid 2289] <... futex resumed>) = 0 [pid 2288] <... futex resumed>) = 0 [pid 2294] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2293] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2289] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2289] <... futex resumed>) = 0 [pid 2288] <... futex resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2294] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2293] write(4, "#! \n", 4 [pid 2289] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2294] <... openat resumed>) = 4 [pid 2293] <... write resumed>) = 4 [pid 2289] <... futex resumed>) = 0 [pid 2303] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2294] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2294] <... futex resumed>) = 1 [pid 2293] <... futex resumed>) = 0 [pid 2289] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2288] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2294] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2293] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2289] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2288] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2289] <... mprotect resumed>) = 0 [pid 2288] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2303] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2294] write(4, "#! \n", 4 [pid 2289] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2288] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(3, "", [pid 2303] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2294] <... write resumed>) = 4 [pid 2289] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2288] <... futex resumed>) = 0 [pid 2294] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2303] <... mprotect resumed>) = 0 [pid 2294] <... futex resumed>) = 0 [pid 2288] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2294] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2288] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] getdents64(3, [pid 2303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2289] <... clone3 resumed> => {parent_tid=[2311]}, 88) = 2311 [pid 2288] <... mprotect resumed>) = 0 [pid 2303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2289] rt_sigprocmask(SIG_SETMASK, [], [pid 2288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2289] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2311 attached [pid 2289] <... futex resumed>) = 0 [pid 2288] <... clone3 resumed> => {parent_tid=[2313]}, 88) = 2313 [pid 2289] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2288] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2304] <... mount resumed>) = 0 [pid 2304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2304] chdir("./file2") = 0 [pid 2304] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2304] ioctl(4, LOOP_CLR_FD) = 0 [pid 2304] close(4./strace-static-x86_64: Process 2313 attached ./strace-static-x86_64: Process 2312 attached [pid 2311] set_robust_list(0x7f0aeccae9a0, 24 [pid 2304] <... close resumed>) = 0 [pid 2303] <... clone3 resumed> => {parent_tid=[2312]}, 88) = 2312 [pid 2303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2303] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2311] <... set_robust_list resumed>) = 0 [pid 2311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2311] write(4, "#! \n", 4 [pid 2304] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2313] set_robust_list(0x7f0aeccae9a0, 24 [pid 2312] set_robust_list(0x7f0aecccf9a0, 24 [pid 2311] <... write resumed>) = 4 [pid 2304] <... futex resumed>) = 1 [pid 2301] <... futex resumed>) = 0 [pid 2304] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2301] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2301] <... futex resumed>) = 0 [pid 2304] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2301] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... set_robust_list resumed>) = 0 [pid 2312] <... set_robust_list resumed>) = 0 [pid 2311] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... openat resumed>) = 4 [pid 2313] rt_sigprocmask(SIG_SETMASK, [], [pid 2312] rt_sigprocmask(SIG_SETMASK, [], [pid 2311] <... futex resumed>) = 1 [pid 2304] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] <... futex resumed>) = 0 [pid 2304] <... futex resumed>) = 1 [pid 2301] <... futex resumed>) = 0 [pid 2304] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2301] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2289] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2301] <... futex resumed>) = 0 [pid 2293] <... futex resumed>) = 0 [pid 2289] <... futex resumed>) = 1 [pid 2304] write(4, "#! \n", 4) = 4 [pid 2301] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [ 53.694859][ T2292] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2293] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2289] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2304] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2301] <... futex resumed>) = 0 [pid 2293] <... mmap resumed>) = 0x200000000000 [pid 2311] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2304] <... futex resumed>) = 0 [pid 2301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2304] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2293] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2301] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2293] <... futex resumed>) = 1 [pid 2289] <... futex resumed>) = 0 [pid 2301] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2289] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2313] write(4, "#! \n", 4 [pid 2312] memfd_create("syzkaller", 0 [pid 2313] <... write resumed>) = 4 [pid 2312] <... memfd_create resumed>) = 3 [pid 2313] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2313] <... futex resumed>) = 1 [pid 2312] <... mmap resumed>) = 0x7f0ae48af000 [pid 2288] <... futex resumed>) = 0 [pid 2313] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2288] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] <... futex resumed>) = 0 [pid 2288] <... futex resumed>) = 1 [pid 2294] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2288] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2294] <... mmap resumed>) = 0x200000000000 [pid 2294] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2288] <... futex resumed>) = 0 [pid 2294] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2288] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2288] <... futex resumed>) = 0 [pid 2301] <... mprotect resumed>) = 0 [pid 2289] <... futex resumed>) = 0 [pid 2301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2289] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2301] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2314]}, 88) = 2314 [pid 2301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2301] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2301] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 ./strace-static-x86_64: Process 2314 attached [pid 2314] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2314] write(4, "#! \n", 4) = 4 [pid 2312] munmap(0x7f0ae48af000, 138412032 [pid 2314] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... munmap resumed>) = 0 [pid 2301] <... futex resumed>) = 0 [pid 2301] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... futex resumed>) = 0 [pid 2301] <... futex resumed>) = 1 [pid 2304] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2301] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2304] <... mmap resumed>) = 0x200000000000 [pid 2304] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2301] <... futex resumed>) = 0 [pid 2304] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2301] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2301] <... futex resumed>) = 0 [pid 2314] <... futex resumed>) = 1 [pid 2312] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2293] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2288] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2313] <... futex resumed>) = ? [pid 2313] +++ killed by SIGBUS +++ [pid 2294] +++ killed by SIGBUS +++ [pid 2288] +++ killed by SIGBUS +++ [pid 2311] <... futex resumed>) = ? [pid 2314] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2288, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 290] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2301] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2289] <... futex resumed>) = ? [pid 2311] +++ killed by SIGBUS +++ [pid 2293] +++ killed by SIGBUS +++ [pid 2289] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 289] getdents64(3, [pid 2314] <... futex resumed>) = ? [pid 2301] <... futex resumed>) = ? [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2314] +++ killed by SIGBUS +++ [pid 2312] <... openat resumed>) = 4 [pid 289] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 2312] ioctl(4, LOOP_SET_FD, 3 [pid 2304] +++ killed by SIGBUS +++ [pid 2301] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2312] <... ioctl resumed>) = 0 [pid 2312] close(3) = 0 [pid 2312] close(4 [pid 287] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./68/file2") = 0 [pid 287] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./68/binderfs", [pid 288] <... restart_syscall resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./68/binderfs") = 0 [pid 287] getdents64(3, [pid 288] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(3 [pid 288] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./68" [pid 288] <... openat resumed>) = 3 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./69", 0777 [pid 288] newfstatat(3, "", [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 53.745001][ T2293] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.747949][ T2294] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 53.768713][ T2304] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2312] <... close resumed>) = 0 [pid 2312] mkdir("./file2", 0777) = 0 [pid 2312] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./66/file2", [pid 287] close(3 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 288] newfstatat(AT_FDCWD, "./64/file2", [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(4, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] getdents64(4, [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2316 ./strace-static-x86_64: Process 2316 attached [pid 290] <... openat resumed>) = 4 [pid 2316] set_robust_list(0x555594a056a0, 24 [pid 290] newfstatat(4, "", [pid 2316] <... set_robust_list resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2316] chdir("./69" [pid 290] getdents64(4, [pid 2316] <... chdir resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 290] getdents64(4, [pid 2316] <... prctl resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2316] setpgid(0, 0 [pid 290] close(4 [pid 2316] <... setpgid resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] rmdir("./66/file2" [pid 2316] <... openat resumed>) = 3 [pid 290] <... rmdir resumed>) = 0 [pid 2316] write(3, "1000", 4 [pid 290] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2316] <... write resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2316] close(3 [pid 290] newfstatat(AT_FDCWD, "./66/binderfs", [pid 288] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2316] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... openat resumed>) = 4 [pid 2316] symlink("/dev/binderfs", "./binderfs" [pid 290] unlink("./66/binderfs" [pid 289] getdents64(4, [pid 2316] <... symlink resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 2316] write(1, "executing program\n", 18 [pid 290] getdents64(3, [pid 2316] <... write resumed>) = 18 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2316] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 2316] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2316] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 290] rmdir("./66" [pid 2316] <... rt_sigaction resumed>NULL, 8) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] mkdir("./67", 0777 [pid 2316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] newfstatat(4, "", [pid 2316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2316] <... mmap resumed>) = 0x7f0aeccaf000 [pid 290] <... openat resumed>) = 3 [pid 2316] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] close(4 [pid 2316] <... mprotect resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] getdents64(4, [pid 2316] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 2316] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... close resumed>) = 0 [pid 289] rmdir("./65/file2" [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... rmdir resumed>) = 0 [pid 288] getdents64(4, [pid 2316] <... clone3 resumed> => {parent_tid=[2318]}, 88) = 2318 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2317 [pid 289] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2316] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] close(4 [pid 2316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] newfstatat(AT_FDCWD, "./65/binderfs", [pid 288] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] rmdir("./64/file2" [pid 289] unlink("./65/binderfs" [pid 2316] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2316] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program executing program [pid 289] <... unlink resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 289] getdents64(3, [pid 288] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 2317 attached [pid 2317] set_robust_list(0x555594a056a0, 24 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] close(3 [pid 288] newfstatat(AT_FDCWD, "./64/binderfs", [pid 289] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] rmdir("./65" [pid 288] unlink("./64/binderfs" [pid 2317] <... set_robust_list resumed>) = 0 [pid 2317] chdir("./67") = 0 [pid 2317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2317] setpgid(0, 0 [pid 289] <... rmdir resumed>) = 0 [pid 2317] <... setpgid resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 289] mkdir("./66", 0777 [pid 288] getdents64(3, [pid 2317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] <... mkdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2317] write(3, "1000", 4 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] close(3 [pid 2317] <... write resumed>) = 4 [pid 288] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] rmdir("./64" [pid 2317] close(3) = 0 [pid 2317] symlink("/dev/binderfs", "./binderfs" [pid 288] <... rmdir resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] mkdir("./65", 0777 [pid 2317] <... symlink resumed>) = 0 [pid 2317] write(1, "executing program\n", 18 [pid 288] <... mkdir resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] close(3 [pid 2317] <... write resumed>) = 18 [pid 288] <... openat resumed>) = 3 [pid 289] <... close resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2317] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 288] close(3 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... close resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2320 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2317] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2317] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2321 [pid 2317] <... clone3 resumed> => {parent_tid=[2322]}, 88) = 2322 [pid 2317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2317] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2318 attached [pid 2318] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2318] memfd_create("syzkaller", 0) = 3 [pid 2318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2318] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2318] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2320 attached [pid 2320] set_robust_list(0x555594a056a0, 24) = 0 [pid 2320] chdir("./66") = 0 [pid 2320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2320] setpgid(0, 0) = 0 [pid 2320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 2321 attached [pid 2320] write(3, "1000", 4) = 4 [pid 2320] close(3executing program ) = 0 [pid 2320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2320] write(1, "executing program\n", 18) = 18 [pid 2320] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2320] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2312] <... mount resumed>) = 0 [pid 2320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2312] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2320] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2312] <... openat resumed>) = 3 [pid 2320] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2312] chdir("./file2") = 0 [pid 2320] <... mprotect resumed>) = 0 [pid 2312] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2321] set_robust_list(0x555594a056a0, 24) = 0 [pid 2320] <... clone3 resumed> => {parent_tid=[2325]}, 88) = 2325 [pid 2320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2320] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] chdir("./65" [pid 2320] <... futex resumed>) = 0 [pid 2320] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2318] <... ioctl resumed>) = 0 [pid 2318] close(3) = 0 [pid 2318] close(4./strace-static-x86_64: Process 2325 attached [pid 2325] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2325] memfd_create("syzkaller", 0) = 3 [pid 2325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2321] <... chdir resumed>) = 0 [pid 2321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2321] setpgid(0, 0) = 0 [pid 2321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 2322 attached [pid 2321] <... openat resumed>) = 3 [pid 2321] write(3, "1000", 4 [pid 2322] set_robust_list(0x7f0aecccf9a0, 24 [pid 2321] <... write resumed>) = 4 [pid 2322] <... set_robust_list resumed>) = 0 [pid 2321] close(3 [pid 2322] rt_sigprocmask(SIG_SETMASK, [], [pid 2321] <... close resumed>) = 0 [pid 2322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2321] symlink("/dev/binderfs", "./binderfs" [pid 2322] memfd_create("syzkaller", 0 [pid 2321] <... symlink resumed>) = 0 executing program [pid 2321] write(1, "executing program\n", 18 [pid 2322] <... memfd_create resumed>) = 3 [pid 2321] <... write resumed>) = 18 [pid 2325] <... write resumed>) = 524288 [pid 2325] munmap(0x7f0ae48af000, 138412032 [pid 2321] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2321] <... futex resumed>) = 0 [pid 2325] <... munmap resumed>) = 0 [pid 2321] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2322] <... mmap resumed>) = 0x7f0ae48af000 [pid 2325] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2321] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2321] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2326]}, 88) = 2326 [pid 2321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2321] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2326 attached [pid 2326] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2326] memfd_create("syzkaller", 0 [pid 2322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2326] <... memfd_create resumed>) = 3 [pid 2326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2322] <... write resumed>) = 524288 [pid 2322] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2322] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2326] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2318] <... close resumed>) = 0 [pid 2312] <... openat resumed>) = 4 [pid 2318] mkdir("./file2", 0777 [pid 2326] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2312] ioctl(4, LOOP_CLR_FD [pid 2318] <... mkdir resumed>) = 0 [pid 2318] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2325] <... openat resumed>) = 4 [pid 2312] <... ioctl resumed>) = 0 [pid 2326] <... openat resumed>) = 4 [pid 2326] ioctl(4, LOOP_SET_FD, 3 [pid 2312] close(4 [pid 2325] ioctl(4, LOOP_SET_FD, 3 [pid 2312] <... close resumed>) = 0 [pid 2322] <... openat resumed>) = 4 [pid 2322] ioctl(4, LOOP_SET_FD, 3 [pid 2312] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2303] <... futex resumed>) = 0 [pid 2326] <... ioctl resumed>) = 0 [pid 2312] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2303] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2303] <... futex resumed>) = 0 [pid 2326] close(3) = 0 [pid 2326] close(4 [pid 2325] <... ioctl resumed>) = 0 [pid 2312] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2303] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2325] close(3) = 0 [pid 2325] close(4 [pid 2312] <... openat resumed>) = 4 [pid 2312] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2303] <... futex resumed>) = 0 [pid 2312] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2303] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2303] <... futex resumed>) = 0 [pid 2312] write(4, "#! \n", 4 [pid 2303] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... write resumed>) = 4 [pid 2303] <... futex resumed>) = 0 [pid 2312] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2312] <... futex resumed>) = 0 [pid 2303] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2312] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2303] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2330 attached => {parent_tid=[2330]}, 88) = 2330 [pid 2330] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2330] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] <... ioctl resumed>) = 0 [pid 2322] close(3) = 0 [pid 2322] close(4 [pid 2303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2303] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2303] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2330] <... futex resumed>) = 0 [pid 2330] write(4, "#! \n", 4) = 4 [pid 2330] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2303] <... futex resumed>) = 0 [pid 2303] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2330] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2318] <... mount resumed>) = 0 [pid 2303] <... futex resumed>) = 1 [pid 2312] <... futex resumed>) = 0 [pid 2318] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2312] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2303] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... openat resumed>) = 3 [pid 2318] chdir("./file2") = 0 [pid 2312] <... mmap resumed>) = 0x200000000000 [pid 2318] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2312] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2303] <... futex resumed>) = 0 [pid 2303] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2330] <... futex resumed>) = ? [pid 2303] <... futex resumed>) = ? [pid 2330] +++ killed by SIGBUS +++ [pid 2312] +++ killed by SIGBUS +++ [pid 2303] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2303, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2325] <... close resumed>) = 0 [pid 2325] mkdir("./file2", 0777) = 0 [ 54.112810][ T2312] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2325] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2326] <... close resumed>) = 0 [pid 2322] <... close resumed>) = 0 [pid 2326] mkdir("./file2", 0777) = 0 [pid 2322] mkdir("./file2", 0777 [pid 2326] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2322] <... mkdir resumed>) = 0 [pid 2322] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2318] <... openat resumed>) = 4 [pid 2318] ioctl(4, LOOP_CLR_FD [pid 2325] <... mount resumed>) = 0 [pid 2325] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2325] chdir("./file2") = 0 [pid 2325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2318] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 2325] ioctl(4, LOOP_CLR_FD [pid 2318] close(4 [pid 291] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2325] <... ioctl resumed>) = 0 [pid 2318] <... close resumed>) = 0 [pid 2325] close(4 [pid 2318] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2325] <... close resumed>) = 0 [pid 2325] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 1 [pid 2316] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./66/file2", [pid 2325] <... futex resumed>) = 1 [pid 2320] <... futex resumed>) = 0 [pid 2318] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2316] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2325] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2320] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2316] <... futex resumed>) = 0 [pid 291] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2320] <... futex resumed>) = 0 [pid 2318] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2316] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2325] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2320] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2325] <... openat resumed>) = 4 [pid 2318] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 4 [pid 2325] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 1 [pid 2316] <... futex resumed>) = 0 [pid 291] newfstatat(4, "", [pid 2325] <... futex resumed>) = 1 [pid 2320] <... futex resumed>) = 0 [pid 2318] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2316] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2325] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2320] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2316] <... futex resumed>) = 0 [pid 2325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2320] <... futex resumed>) = 0 [pid 2318] write(4, "#! \n", 4 [pid 2316] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2325] write(4, "#! \n", 4 [pid 2320] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... write resumed>) = 4 [pid 2316] <... futex resumed>) = 0 [pid 2325] <... write resumed>) = 4 [pid 2320] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2325] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2318] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2325] <... futex resumed>) = 0 [pid 2320] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2318] <... futex resumed>) = 0 [pid 2316] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2325] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2320] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2318] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2316] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] close(4 [pid 2320] <... mprotect resumed>) = 0 [pid 2316] <... mprotect resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 2320] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2316] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2320] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] rmdir("./66/file2" [pid 2320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2316] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... rmdir resumed>) = 0 [pid 2320] <... clone3 resumed> => {parent_tid=[2339]}, 88) = 2339 [pid 291] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2320] rt_sigprocmask(SIG_SETMASK, [], [pid 2316] <... clone3 resumed> => {parent_tid=[2341]}, 88) = 2341 [pid 2320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2316] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2320] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] newfstatat(AT_FDCWD, "./66/binderfs", [pid 2320] <... futex resumed>) = 0 [pid 2316] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 2339 attached [pid 2326] <... mount resumed>) = 0 [pid 2320] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2316] <... futex resumed>) = 0 [pid 291] unlink("./66/binderfs"./strace-static-x86_64: Process 2341 attached [pid 2339] set_robust_list(0x7f0aeccae9a0, 24 [pid 2326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2322] <... mount resumed>) = 0 [pid 2316] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... unlink resumed>) = 0 [pid 2341] set_robust_list(0x7f0aeccae9a0, 24 [pid 2326] <... openat resumed>) = 3 [pid 2322] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 291] getdents64(3, [pid 2341] <... set_robust_list resumed>) = 0 [pid 2326] chdir("./file2" [pid 2322] <... openat resumed>) = 3 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2341] rt_sigprocmask(SIG_SETMASK, [], [pid 2326] <... chdir resumed>) = 0 [pid 291] close(3 [pid 2341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2326] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2322] chdir("./file2" [pid 291] <... close resumed>) = 0 [pid 2341] write(4, "#! \n", 4 [pid 2326] <... openat resumed>) = 4 [pid 291] rmdir("./66" [pid 2341] <... write resumed>) = 4 [pid 2339] <... set_robust_list resumed>) = 0 [pid 2326] ioctl(4, LOOP_CLR_FD [pid 2322] <... chdir resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2341] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2326] <... ioctl resumed>) = 0 [pid 2322] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] mkdir("./67", 0777 [pid 2341] <... futex resumed>) = 1 [pid 2326] close(4 [pid 2322] <... openat resumed>) = 4 [pid 2316] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 2339] rt_sigprocmask(SIG_SETMASK, [], [pid 2326] <... close resumed>) = 0 [pid 2322] ioctl(4, LOOP_CLR_FD [pid 2339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2326] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... ioctl resumed>) = 0 [pid 2316] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2339] write(4, "#! \n", 4 [pid 2326] <... futex resumed>) = 1 [pid 2322] close(4 [pid 2321] <... futex resumed>) = 0 [pid 2318] <... futex resumed>) = 0 [pid 2316] <... futex resumed>) = 1 [pid 291] <... openat resumed>) = 3 [pid 2341] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2339] <... write resumed>) = 4 [pid 2326] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] <... close resumed>) = 0 [pid 2321] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2316] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, LOOP_CLR_FD [pid 2339] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2322] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2318] <... mmap resumed>) = 0x200000000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2339] <... futex resumed>) = 1 [pid 2326] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2322] <... futex resumed>) = 1 [pid 2321] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2320] <... futex resumed>) = 0 [pid 2318] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 291] close(3 [pid 2339] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2326] <... openat resumed>) = 4 [pid 2322] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2320] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] <... futex resumed>) = 1 [pid 2317] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2316] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 2326] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2325] <... futex resumed>) = 0 [pid 2320] <... futex resumed>) = 1 [pid 2318] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] <... futex resumed>) = 0 [pid 2316] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2342 attached [pid 2326] <... futex resumed>) = 1 [pid 2325] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2321] <... futex resumed>) = 0 [pid 2320] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2317] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2316] <... futex resumed>) = 0 [pid 2326] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2325] <... mmap resumed>) = 0x200000000000 [pid 2322] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2321] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] set_robust_list(0x555594a056a0, 24 [pid 2322] <... openat resumed>) = 4 [pid 2342] <... set_robust_list resumed>) = 0 [pid 2322] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] chdir("./67" [pid 2322] <... futex resumed>) = 0 [pid 2342] <... chdir resumed>) = 0 [pid 2322] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2342] setpgid(0, 0) = 0 [pid 2342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2342] write(3, "1000", 4) = 4 [pid 2342] close(3) = 0 [pid 2342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2342] write(1, "executing program\n", 18executing program ) = 18 [pid 2342] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2342] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2325] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2316] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2342 ./strace-static-x86_64: Process 2343 attached [pid 2342] <... clone3 resumed> => {parent_tid=[2343]}, 88) = 2343 [pid 2326] write(4, "#! \n", 4 [pid 2325] <... futex resumed>) = 1 [pid 2321] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2320] <... futex resumed>) = 0 [pid 2318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2317] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] set_robust_list(0x7f0aecccf9a0, 24 [pid 2342] rt_sigprocmask(SIG_SETMASK, [], [pid 2326] <... write resumed>) = 4 [pid 2325] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2321] <... futex resumed>) = 0 [pid 2320] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 1 [pid 2343] <... set_robust_list resumed>) = 0 [pid 2342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2341] <... futex resumed>) = ? [pid 2326] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2322] <... futex resumed>) = 0 [pid 2321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2320] <... futex resumed>) = 0 [pid 2317] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2316] <... futex resumed>) = ? [pid 2343] rt_sigprocmask(SIG_SETMASK, [], [pid 2341] +++ killed by SIGBUS +++ [pid 2326] <... futex resumed>) = 0 [pid 2321] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2320] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2326] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2321] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2321] <... mprotect resumed>) = 0 [pid 2318] +++ killed by SIGBUS +++ [pid 2316] +++ killed by SIGBUS +++ [pid 2321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2344]}, 88) = 2344 [pid 2321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2321] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2321] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2344 attached [pid 2344] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2344] write(4, "#! \n", 4) = 4 [pid 2344] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2321] <... futex resumed>) = 0 [pid 2321] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2326] <... futex resumed>) = 0 [pid 2321] <... futex resumed>) = 1 [pid 2326] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2321] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2326] <... mmap resumed>) = 0x200000000000 [pid 2326] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2321] <... futex resumed>) = 0 [pid 2326] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2321] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2321] <... futex resumed>) = 0 [pid 2344] <... futex resumed>) = 1 [pid 2342] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2322] write(4, "#! \n", 4 [pid 2317] <... futex resumed>) = 0 [pid 2342] <... futex resumed>) = 1 [pid 2322] <... write resumed>) = 4 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2316, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2342] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2322] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2322] <... futex resumed>) = 0 [pid 2317] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2322] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] <... mprotect resumed>) = 0 [pid 287] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2317] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2317] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 2317] <... clone3 resumed> => {parent_tid=[2345]}, 88) = 2345 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2317] rt_sigprocmask(SIG_SETMASK, [], [pid 287] getdents64(3, [pid 2317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2317] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2317] <... futex resumed>) = 0 [pid 2317] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2339] <... futex resumed>) = ? [pid 2344] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2321] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 0 [pid 2343] memfd_create("syzkaller", 0) = 3 [pid 2343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2320] <... futex resumed>) = ? [pid 2343] munmap(0x7f0ae48af000, 138412032 [pid 2339] +++ killed by SIGBUS +++ [pid 2325] +++ killed by SIGBUS +++ [pid 2320] +++ killed by SIGBUS +++ [pid 2326] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2321] <... futex resumed>) = ? [pid 2344] <... futex resumed>) = ? [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2343] <... munmap resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2343] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2344] +++ killed by SIGBUS +++ [ 54.376921][ T2318] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 54.394005][ T2325] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 54.396590][ T2326] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters ./strace-static-x86_64: Process 2345 attached [pid 2345] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2345] rt_sigprocmask(SIG_SETMASK, [], [pid 2326] +++ killed by SIGBUS +++ [pid 2321] +++ killed by SIGBUS +++ [pid 2345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2321, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2345] write(4, "#! \n", 4 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2345] <... write resumed>) = 4 [pid 2345] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 2345] <... futex resumed>) = 1 [pid 2317] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2345] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] <... futex resumed>) = 0 [pid 2317] <... futex resumed>) = 1 [pid 2322] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2317] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2322] <... mmap resumed>) = 0x200000000000 [pid 2322] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2322] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2317] <... futex resumed>) = 0 [pid 2317] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2345] <... futex resumed>) = ? [pid 2317] <... futex resumed>) = ? [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2345] +++ killed by SIGBUS +++ [pid 2322] +++ killed by SIGBUS +++ [pid 2317] +++ killed by SIGBUS +++ [pid 2343] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2343] close(3) = 0 [pid 2343] close(4 [pid 289] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2317, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 287] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./69/file2") = 0 [pid 287] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./69/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./69") = 0 [pid 287] mkdir("./70", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 54.427748][ T2322] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2343] <... close resumed>) = 0 [pid 2343] mkdir("./file2", 0777) = 0 [pid 2343] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 290] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./67/file2", [pid 289] newfstatat(AT_FDCWD, "./66/file2", [pid 288] newfstatat(AT_FDCWD, "./65/file2", [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2348 attached [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2348 [pid 2348] set_robust_list(0x555594a056a0, 24) = 0 [pid 2348] chdir("./70") = 0 [pid 290] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2348] setpgid(0, 0) = 0 [pid 2348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2348] write(3, "1000", 4) = 4 [pid 2348] close(3) = 0 [pid 2348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 290] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 2348] write(1, "executing program\n", 18 executing program [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 2348] <... write resumed>) = 18 [pid 2348] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 2348] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 290] close(4 [pid 288] getdents64(4, [pid 2348] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 290] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] rmdir("./67/file2" [pid 289] close(4 [pid 2348] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2348] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 2348] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./66/file2" [pid 2348] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 290] newfstatat(AT_FDCWD, "./67/binderfs", [pid 289] <... rmdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] unlink("./67/binderfs" [pid 288] close(4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2348] <... clone3 resumed> => {parent_tid=[2350]}, 88) = 2350 [pid 2348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2348] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... unlink resumed>) = 0 [pid 2348] <... futex resumed>) = 0 [pid 2348] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 290] getdents64(3, [pid 289] newfstatat(AT_FDCWD, "./66/binderfs", [pid 288] <... close resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] close(3 [pid 288] rmdir("./65/file2" [pid 290] <... close resumed>) = 0 [pid 289] unlink("./66/binderfs"./strace-static-x86_64: Process 2350 attached [pid 2350] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] rmdir("./67" [pid 2350] memfd_create("syzkaller", 0) = 3 [pid 2350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2343] <... mount resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2343] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] <... unlink resumed>) = 0 [pid 2343] <... openat resumed>) = 3 [pid 288] <... rmdir resumed>) = 0 [pid 2343] chdir("./file2" [pid 290] mkdir("./68", 0777 [pid 289] getdents64(3, [pid 288] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2343] <... chdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 2343] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2343] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 289] close(3 [pid 2343] ioctl(4, LOOP_CLR_FD [pid 288] newfstatat(AT_FDCWD, "./65/binderfs", [pid 2343] <... ioctl resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... close resumed>) = 0 [pid 2343] close(4 [pid 289] rmdir("./66" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2343] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2350] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2350] ioctl(4, LOOP_SET_FD, 3 [pid 2343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2342] <... futex resumed>) = 0 [pid 288] unlink("./65/binderfs" [pid 2342] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] close(3 [pid 2350] <... ioctl resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2352 [pid 2350] close(3) = 0 [pid 2350] close(4 [pid 289] <... rmdir resumed>) = 0 [pid 2343] <... openat resumed>) = 4 [pid 289] mkdir("./67", 0777 [pid 2343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... unlink resumed>) = 0 [pid 2343] <... futex resumed>) = 1 [pid 2342] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2352 attached [pid 2343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2342] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] getdents64(3, [pid 2343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2342] <... futex resumed>) = 0 [pid 2343] write(4, "#! \n", 4 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2342] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] <... write resumed>) = 4 [pid 2342] <... futex resumed>) = 0 [pid 2343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(3 [pid 2343] <... futex resumed>) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... mkdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2342] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2342] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] rmdir("./65" [pid 2342] <... mprotect resumed>) = 0 [pid 2352] set_robust_list(0x555594a056a0, 24 [pid 2342] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2352] <... set_robust_list resumed>) = 0 [pid 2352] chdir("./68") = 0 [pid 2352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] <... rmdir resumed>) = 0 [pid 2342] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] mkdir("./66", 0777 [pid 2352] <... prctl resumed>) = 0 [pid 2352] setpgid(0, 0) = 0 [pid 2352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] <... mkdir resumed>) = 0 [pid 2342] <... clone3 resumed> => {parent_tid=[2353]}, 88) = 2353 [pid 2342] rt_sigprocmask(SIG_SETMASK, [], [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2342] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2352] <... openat resumed>) = 3 [pid 2352] write(3, "1000", 4) = 4 [pid 2352] close(3) = 0 [pid 2352] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 2353 attached [pid 2353] set_robust_list(0x7f0aeccae9a0, 24 [pid 2352] <... symlink resumed>) = 0 [pid 2353] <... set_robust_list resumed>) = 0 [pid 2352] write(1, "executing program\n", 18 [pid 2353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2353] write(4, "#! \n", 4executing program ) = 4 [pid 2353] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2353] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] <... write resumed>) = 18 [pid 2352] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2352] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2352] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2342] <... futex resumed>) = 0 [pid 2352] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2342] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2343] <... futex resumed>) = 0 [pid 2342] <... futex resumed>) = 1 ./strace-static-x86_64: Process 2354 attached [pid 2343] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2354] set_robust_list(0x7f0aecccf9a0, 24 [pid 2352] <... clone3 resumed> => {parent_tid=[2354]}, 88) = 2354 [pid 2342] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... mmap resumed>) = 0x200000000000 [pid 2343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2354] <... set_robust_list resumed>) = 0 [pid 2354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2354] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2352] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2354] <... futex resumed>) = 0 [pid 2354] memfd_create("syzkaller", 0 [pid 2342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2354] <... memfd_create resumed>) = 3 [pid 2342] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2343] <... futex resumed>) = 0 [pid 2342] <... futex resumed>) = 1 [pid 2354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2354] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2354] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2342] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2342] <... futex resumed>) = ? [pid 2353] <... futex resumed>) = ? [pid 2353] +++ killed by SIGBUS +++ [pid 2343] +++ killed by SIGBUS +++ [pid 2342] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2350] <... close resumed>) = 0 [pid 2354] <... openat resumed>) = 4 [pid 2350] mkdir("./file2", 0777 [pid 291] <... restart_syscall resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2350] <... mkdir resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2350] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(3 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... close resumed>) = 0 [pid 291] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... openat resumed>) = 3 [pid 291] newfstatat(3, "", [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2355 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... openat resumed>) = 3 [pid 291] getdents64(3, [pid 289] ioctl(3, LOOP_CLR_FD [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2354] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2355 attached [pid 2355] set_robust_list(0x555594a056a0, 24 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2357 [pid 2355] <... set_robust_list resumed>) = 0 [pid 2355] chdir("./66") = 0 [pid 2355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2355] setpgid(0, 0) = 0 [pid 2355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2355] write(3, "1000", 4) = 4 [pid 2355] close(3) = 0 [pid 2355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2355] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 2357 attached [pid 2355] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] set_robust_list(0x555594a056a0, 24) = 0 [pid 2357] chdir("./67") = 0 [pid 2357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2355] <... futex resumed>) = 0 [pid 2354] <... ioctl resumed>) = 0 [pid 2350] <... mount resumed>) = 0 [pid 2354] close(3 [pid 2350] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2354] <... close resumed>) = 0 [pid 2350] <... openat resumed>) = 3 [pid 2354] close(4 [pid 2350] chdir("./file2") = 0 [pid 2350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2350] ioctl(4, LOOP_CLR_FD) = 0 [pid 2350] close(4) = 0 [pid 2350] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2348] <... futex resumed>) = 0 [pid 2350] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2348] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2350] <... openat resumed>) = 4 [pid 2348] <... futex resumed>) = 0 [pid 2350] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2348] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2357] setpgid(0, 0 [pid 2355] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2350] <... futex resumed>) = 0 [pid 2348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2357] <... setpgid resumed>) = 0 [pid 2355] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2350] write(4, "#! \n", 4 [pid 2348] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2350] <... write resumed>) = 4 [pid 2348] <... futex resumed>) = 0 [pid 2357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2350] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2348] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] <... openat resumed>) = 3 [pid 2355] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2350] <... futex resumed>) = 0 [pid 2348] <... futex resumed>) = 0 [pid 2357] write(3, "1000", 4 [pid 2355] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2350] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2348] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2355] <... mprotect resumed>) = 0 [pid 2357] <... write resumed>) = 4 ./strace-static-x86_64: Process 2360 attached [pid 2348] <... clone3 resumed> => {parent_tid=[2360]}, 88) = 2360 [pid 2348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2348] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2348] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2360] set_robust_list(0x7f0aeccae9a0, 24 [pid 2357] close(3 [pid 2355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2361]}, 88) = 2361 [pid 2355] rt_sigprocmask(SIG_SETMASK, [], [pid 2357] <... close resumed>) = 0 [pid 2355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2355] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2355] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2360] <... set_robust_list resumed>) = 0 [pid 2360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2360] write(4, "#! \n", 4) = 4 ./strace-static-x86_64: Process 2361 attached [pid 2357] symlink("/dev/binderfs", "./binderfs" [pid 2360] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2348] <... futex resumed>) = 0 [pid 2348] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2350] <... futex resumed>) = 0 [pid 2348] <... futex resumed>) = 1 [pid 2350] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2348] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2350] <... mmap resumed>) = 0x200000000000 [pid 2350] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2348] <... futex resumed>) = 0 [pid 2350] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2348] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 54.742613][ T2343] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2348] <... futex resumed>) = 0 [pid 2361] set_robust_list(0x7f0aecccf9a0, 24 [pid 2360] <... futex resumed>) = 1 [pid 2357] <... symlink resumed>) = 0 executing program [pid 2357] write(1, "executing program\n", 18) = 18 [pid 2357] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2348] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2357] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2357] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2362]}, 88) = 2362 [pid 2357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2357] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2361] <... set_robust_list resumed>) = 0 [pid 2361] rt_sigprocmask(SIG_SETMASK, [], [pid 2360] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2361] memfd_create("syzkaller", 0) = 3 [pid 2361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2362 attached [pid 2350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2362] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2348] <... futex resumed>) = ? [pid 2362] rt_sigprocmask(SIG_SETMASK, [], [pid 2360] <... futex resumed>) = ? [pid 2360] +++ killed by SIGBUS +++ [pid 2362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2350] +++ killed by SIGBUS +++ [pid 2348] +++ killed by SIGBUS +++ [pid 2362] memfd_create("syzkaller", 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2348, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2362] <... memfd_create resumed>) = 3 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2354] <... close resumed>) = 0 [pid 2361] <... write resumed>) = 524288 [pid 2362] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2361] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2362] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2362] ioctl(4, LOOP_SET_FD, 3 [pid 2361] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2354] mkdir("./file2", 0777 [pid 2362] <... ioctl resumed>) = 0 [pid 2354] <... mkdir resumed>) = 0 [pid 2362] close(3) = 0 [pid 2362] close(4 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2361] <... openat resumed>) = 4 [pid 2361] ioctl(4, LOOP_SET_FD, 3 [pid 2354] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./67/file2" [pid 2361] <... ioctl resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 291] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./67/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./67") = 0 [pid 291] mkdir("./68", 0777 [pid 2361] close(3 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2361] <... close resumed>) = 0 [pid 2361] close(4 [pid 2362] <... close resumed>) = 0 [pid 2362] mkdir("./file2", 0777) = 0 [ 54.787899][ T2350] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2362] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2354] <... mount resumed>) = 0 [pid 2354] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2354] chdir("./file2") = 0 [pid 2354] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2361] <... close resumed>) = 0 [pid 2354] <... openat resumed>) = 4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... umount2 resumed>) = 0 [pid 2354] ioctl(4, LOOP_CLR_FD [pid 291] close(3 [pid 287] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2354] <... ioctl resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2354] close(4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] newfstatat(AT_FDCWD, "./70/file2", [pid 2361] mkdir("./file2", 0777 [pid 2354] <... close resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2354] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2367 [pid 287] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2354] <... futex resumed>) = 1 [pid 2352] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2354] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2361] <... mkdir resumed>) = 0 [pid 2354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2352] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 ./strace-static-x86_64: Process 2367 attached [pid 2361] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2354] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2352] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] newfstatat(4, "", [pid 2367] set_robust_list(0x555594a056a0, 24) = 0 [pid 2367] chdir("./68" [pid 2354] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2354] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 2354] <... futex resumed>) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2367] <... chdir resumed>) = 0 [pid 2352] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2354] write(4, "#! \n", 4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2352] <... futex resumed>) = 0 [pid 2367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2354] <... write resumed>) = 4 [pid 2352] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 2354] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2354] <... futex resumed>) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] close(4 [pid 2354] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... close resumed>) = 0 [pid 2352] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] rmdir("./70/file2" [pid 2352] <... mprotect resumed>) = 0 [pid 2367] <... prctl resumed>) = 0 [pid 2367] setpgid(0, 0) = 0 [pid 2367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2352] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... rmdir resumed>) = 0 [pid 2352] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2367] <... openat resumed>) = 3 [pid 287] newfstatat(AT_FDCWD, "./70/binderfs", [pid 2352] <... clone3 resumed> => {parent_tid=[2368]}, 88) = 2368 ./strace-static-x86_64: Process 2368 attached [pid 2352] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] unlink("./70/binderfs" [pid 2352] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] write(3, "1000", 4) = 4 [pid 2367] close(3 [pid 287] <... unlink resumed>) = 0 [pid 2352] <... futex resumed>) = 0 [pid 287] getdents64(3, [pid 2352] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2367] <... close resumed>) = 0 [pid 287] close(3 [pid 2367] symlink("/dev/binderfs", "./binderfs" [pid 287] <... close resumed>) = 0 [pid 2368] set_robust_list(0x7f0aeccae9a0, 24 [pid 287] rmdir("./70" [pid 2368] <... set_robust_list resumed>) = 0 [pid 2367] <... symlink resumed>) = 0 [pid 2367] write(1, "executing program\n", 18executing program [pid 287] <... rmdir resumed>) = 0 [pid 2367] <... write resumed>) = 18 [pid 287] mkdir("./71", 0777 [pid 2367] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 287] <... mkdir resumed>) = 0 [pid 2367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2367] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2367] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2368] rt_sigprocmask(SIG_SETMASK, [], [pid 2367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2368] write(4, "#! \n", 4) = 4 [pid 2368] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2368] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2354] <... futex resumed>) = 0 [pid 2352] <... futex resumed>) = 1 [pid 2354] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2352] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2354] <... mmap resumed>) = 0x200000000000 [pid 2354] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2354] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2352] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2352] <... futex resumed>) = 0 [pid 2367] <... clone3 resumed> => {parent_tid=[2369]}, 88) = 2369 [pid 2367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2369 attached [pid 2369] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2369] memfd_create("syzkaller", 0) = 3 [pid 2369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2369] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2352] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2368] <... futex resumed>) = ? [pid 2352] <... futex resumed>) = ? [pid 2368] +++ killed by SIGBUS +++ [pid 2354] +++ killed by SIGBUS +++ [pid 2352] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2352, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2362] <... mount resumed>) = 0 [pid 2362] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2362] chdir("./file2") = 0 [ 54.953878][ T2354] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2362] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2361] <... mount resumed>) = 0 [pid 2361] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2361] chdir("./file2") = 0 [pid 2361] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2369] <... openat resumed>) = 4 [pid 2362] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 2369] ioctl(4, LOOP_SET_FD, 3 [pid 2362] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2362] <... ioctl resumed>) = 0 [pid 2362] close(4 [pid 2369] <... ioctl resumed>) = 0 [pid 2361] <... openat resumed>) = 4 [pid 2361] ioctl(4, LOOP_CLR_FD) = 0 [pid 2361] close(4) = 0 [pid 2369] close(3 [pid 2361] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2369] <... close resumed>) = 0 [pid 2361] <... futex resumed>) = 1 [pid 2369] close(4 [pid 2361] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... umount2 resumed>) = 0 [pid 2355] <... futex resumed>) = 0 [pid 290] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2355] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2361] <... futex resumed>) = 0 [pid 2355] <... futex resumed>) = 1 [pid 290] newfstatat(AT_FDCWD, "./68/file2", [pid 2361] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2355] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2361] <... openat resumed>) = 4 [pid 290] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2361] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2361] <... futex resumed>) = 1 [pid 2355] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2361] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2355] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2355] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 2361] write(4, "#! \n", 4 [pid 2355] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 2361] <... write resumed>) = 4 [pid 2361] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2355] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2361] <... futex resumed>) = 0 [pid 2355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2361] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] getdents64(4, [pid 2355] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2355] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2355] <... mprotect resumed>) = 0 [pid 290] getdents64(4, [pid 2355] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2355] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] close(4./strace-static-x86_64: Process 2375 attached ) = 0 [pid 2355] <... clone3 resumed> => {parent_tid=[2375]}, 88) = 2375 [pid 2355] rt_sigprocmask(SIG_SETMASK, [], [pid 290] rmdir("./68/file2" [pid 2355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2375] set_robust_list(0x7f0aeccae9a0, 24 [pid 2355] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2375] <... set_robust_list resumed>) = 0 [pid 2375] rt_sigprocmask(SIG_SETMASK, [], [pid 2355] <... futex resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2375] write(4, "#! \n", 4) = 4 [pid 2355] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2375] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2355] <... futex resumed>) = 0 [pid 2355] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2361] <... futex resumed>) = 0 [pid 2355] <... futex resumed>) = 1 [pid 2361] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2355] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2361] <... mmap resumed>) = 0x200000000000 [pid 2361] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2355] <... futex resumed>) = 0 [pid 2361] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2355] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2355] <... futex resumed>) = 0 [pid 2375] <... futex resumed>) = 1 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2355] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./68/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./68") = 0 [pid 290] mkdir("./69", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2375] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2361] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2355] <... futex resumed>) = ? [pid 2375] <... futex resumed>) = ? [pid 2375] +++ killed by SIGBUS +++ [pid 2361] +++ killed by SIGBUS +++ [pid 2355] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2369] <... close resumed>) = 0 [pid 2362] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2369] mkdir("./file2", 0777) = 0 [pid 2369] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2362] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] close(3 [pid 2362] <... futex resumed>) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2362] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... close resumed>) = 0 [pid 2357] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2362] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 2376 attached [pid 2376] set_robust_list(0x555594a056a0, 24) = 0 [pid 2376] chdir("./71" [pid 2362] <... openat resumed>) = 4 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2376 [pid 2362] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... chdir resumed>) = 0 [pid 2362] <... futex resumed>) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2362] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2376] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2357] <... futex resumed>) = 0 [pid 2362] write(4, "#! \n", 4 [pid 2376] <... prctl resumed>) = 0 [pid 2357] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] setpgid(0, 0 [pid 2362] <... write resumed>) = 4 [pid 2357] <... futex resumed>) = 0 [pid 2376] <... setpgid resumed>) = 0 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2362] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2362] <... futex resumed>) = 0 [pid 2357] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2376] <... openat resumed>) = 3 [pid 2376] write(3, "1000", 4) = 4 [pid 2376] close(3) = 0 [pid 2376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2376] write(1, "executing program\n", 18) = 18 [pid 2376] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2376] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2376] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2377]}, 88) = 2377 [pid 2376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2376] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... openat resumed>) = 3 [pid 2357] <... mprotect resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 2376] <... futex resumed>) = 0 [pid 2357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2376] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2357] <... clone3 resumed> => {parent_tid=[2378]}, 88) = 2378 [pid 2357] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2377 attached NULL, 8) = 0 [pid 2377] set_robust_list(0x7f0aecccf9a0, 24 [pid 2357] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2378 attached [pid 2369] <... mount resumed>) = 0 [pid 2377] <... set_robust_list resumed>) = 0 [pid 2377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2377] memfd_create("syzkaller", 0) = 3 [pid 2377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2378] set_robust_list(0x7f0aeccae9a0, 24 [pid 2369] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2357] <... futex resumed>) = 0 [pid 2378] <... set_robust_list resumed>) = 0 [pid 2357] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2378] write(4, "#! \n", 4) = 4 [pid 2378] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2378] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = 0 [pid 2357] <... futex resumed>) = 1 [pid 2369] <... openat resumed>) = 3 [pid 2362] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2357] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2369] chdir("./file2" [pid 2362] <... mmap resumed>) = 0x200000000000 [pid 2369] <... chdir resumed>) = 0 [pid 2362] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2369] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2362] <... futex resumed>) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [ 55.069624][ T2361] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2357] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] <... write resumed>) = 524288 [pid 2377] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2377] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2378] <... futex resumed>) = ? [pid 2357] <... futex resumed>) = ? [pid 2378] +++ killed by SIGBUS +++ [pid 288] <... umount2 resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2369] <... openat resumed>) = 4 [pid 2369] ioctl(4, LOOP_CLR_FD) = 0 [pid 2369] close(4) = 0 [pid 2369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2367] <... futex resumed>) = 0 [pid 2369] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] close(3 [pid 2369] <... openat resumed>) = 4 [pid 2367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2367] <... futex resumed>) = 0 [pid 2369] write(4, "#! \n", 4 [pid 2367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2369] <... write resumed>) = 4 [pid 2367] <... futex resumed>) = 0 [pid 2369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2369] <... futex resumed>) = 0 [pid 2367] <... futex resumed>) = 0 [pid 2369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 290] <... close resumed>) = 0 [pid 2367] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2367] <... mprotect resumed>) = 0 [pid 2367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2381 [pid 288] newfstatat(AT_FDCWD, "./66/file2", [pid 2367] <... clone3 resumed> => {parent_tid=[2382]}, 88) = 2382 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2367] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... openat resumed>) = 4 [pid 2377] ioctl(4, LOOP_SET_FD, 3 [pid 288] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2381 attached ) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2382 attached [pid 2381] set_robust_list(0x555594a056a0, 24 [pid 2362] +++ killed by SIGBUS +++ [pid 2357] +++ killed by SIGBUS +++ [pid 288] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2381] <... set_robust_list resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 2381] chdir("./69" [pid 288] newfstatat(4, "", [pid 2381] <... chdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] getdents64(4, [pid 2381] <... prctl resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2381] setpgid(0, 0 [pid 288] getdents64(4, [pid 2381] <... setpgid resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2382] set_robust_list(0x7f0aeccae9a0, 24 [pid 2381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] close(4 [pid 2382] <... set_robust_list resumed>) = 0 [pid 2381] <... openat resumed>) = 3 [pid 288] <... close resumed>) = 0 [pid 2382] rt_sigprocmask(SIG_SETMASK, [], [pid 2381] write(3, "1000", 4 [pid 288] rmdir("./66/file2" [pid 2382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2381] <... write resumed>) = 4 [pid 288] <... rmdir resumed>) = 0 [pid 2382] write(4, "#! \n", 4 [pid 2381] close(3 [pid 288] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2382] <... write resumed>) = 4 [pid 2381] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2382] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] symlink("/dev/binderfs", "./binderfs" [pid 288] newfstatat(AT_FDCWD, "./66/binderfs", [pid 2382] <... futex resumed>) = 1 [pid 2381] <... symlink resumed>) = 0 executing program [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2382] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2381] write(1, "executing program\n", 18 [pid 288] unlink("./66/binderfs" [pid 2381] <... write resumed>) = 18 [pid 288] <... unlink resumed>) = 0 [pid 2381] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] getdents64(3, [pid 2381] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2381] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 288] close(3 [pid 2381] <... rt_sigaction resumed>NULL, 8) = 0 [pid 288] <... close resumed>) = 0 [pid 2381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 288] rmdir("./66" [pid 2381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] mkdir("./67", 0777 [pid 2381] <... mmap resumed>) = 0x7f0aeccaf000 [pid 288] <... mkdir resumed>) = 0 [pid 2381] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2377] <... ioctl resumed>) = 0 [pid 2367] <... futex resumed>) = 0 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2357, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2381] <... mprotect resumed>) = 0 [pid 2377] close(3 [pid 2367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] <... openat resumed>) = 3 [pid 2381] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2377] <... close resumed>) = 0 [pid 2369] <... futex resumed>) = 0 [pid 2367] <... futex resumed>) = 1 [pid 289] <... restart_syscall resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2381] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2377] close(4 [pid 2369] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2369] <... mmap resumed>) = 0x200000000000 [pid 288] close(3 [pid 2369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2381] <... clone3 resumed> => {parent_tid=[2384]}, 88) = 2384 [pid 2369] <... futex resumed>) = 1 [pid 2367] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2381] rt_sigprocmask(SIG_SETMASK, [], [pid 2369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2367] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2381] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... openat resumed>) = 3 ./strace-static-x86_64: Process 2384 attached [pid 2384] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2384] memfd_create("syzkaller", 0) = 3 [pid 2384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2384] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2384] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2382] <... futex resumed>) = ? [pid 2367] <... futex resumed>) = ? [pid 2382] +++ killed by SIGBUS +++ [pid 2369] +++ killed by SIGBUS +++ [pid 2367] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2377] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2384] <... openat resumed>) = 4 [pid 2384] ioctl(4, LOOP_SET_FD, 3 [pid 2377] mkdir("./file2", 0777 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2377] <... mkdir resumed>) = 0 [pid 2377] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"./strace-static-x86_64: Process 2386 attached [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2386 [pid 2386] set_robust_list(0x555594a056a0, 24) = 0 [pid 2386] chdir("./67") = 0 [pid 2386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2386] setpgid(0, 0) = 0 [pid 2386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2386] write(3, "1000", 4) = 4 [pid 2386] close(3) = 0 [pid 2386] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2386] write(1, "executing program\n", 18) = 18 [pid 2386] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2386] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2386] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2387 attached => {parent_tid=[2387]}, 88) = 2387 [pid 2387] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2387] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2386] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2387] <... futex resumed>) = 0 [pid 2387] memfd_create("syzkaller", 0 [pid 2386] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2387] <... memfd_create resumed>) = 3 [pid 2387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2387] munmap(0x7f0ae48af000, 138412032) = 0 [ 55.117644][ T2362] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 55.151932][ T2369] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2387] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2384] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 2384] close(3) = 0 [pid 2384] close(4 [pid 291] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2387] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./68/file2", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2387] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(AT_FDCWD, "./67/file2", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... openat resumed>) = 4 [pid 289] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(4, "", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] getdents64(4, [pid 289] <... openat resumed>) = 4 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] newfstatat(4, "", [pid 291] getdents64(4, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 289] getdents64(4, [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./68/file2" [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 291] <... rmdir resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... close resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./68/binderfs", [pid 289] rmdir("./67/file2" [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 291] unlink("./68/binderfs") = 0 [pid 291] getdents64(3, [pid 2377] <... mount resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2377] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 291] close(3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... close resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./67/binderfs", [pid 2377] <... openat resumed>) = 3 [pid 2377] chdir("./file2" [pid 291] rmdir("./68" [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2377] <... chdir resumed>) = 0 [pid 2377] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... rmdir resumed>) = 0 [pid 289] unlink("./67/binderfs" [pid 291] mkdir("./69", 0777 [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 291] <... mkdir resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./67") = 0 [pid 289] mkdir("./68", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2384] <... close resumed>) = 0 [pid 2384] mkdir("./file2", 0777) = 0 [pid 2384] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2387] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 2377] <... openat resumed>) = 4 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] <... openat resumed>) = 3 [pid 2387] close(3) = 0 [pid 2387] close(4 [pid 2377] ioctl(4, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 2384] <... mount resumed>) = 0 [pid 2384] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2384] chdir("./file2") = 0 [pid 2384] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2387] <... close resumed>) = 0 [pid 2387] mkdir("./file2", 0777 [pid 2384] <... openat resumed>) = 4 [pid 2377] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 2377] close(4 [pid 291] close(3 [pid 2377] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 2384] ioctl(4, LOOP_CLR_FD) = 0 [pid 2384] close(4) = 0 [pid 2384] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2381] <... futex resumed>) = 0 [pid 2387] <... mkdir resumed>) = 0 [pid 2384] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2381] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2387] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2384] <... openat resumed>) = 4 [pid 2381] <... futex resumed>) = 0 [pid 2384] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2384] <... futex resumed>) = 0 [pid 2381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2384] write(4, "#! \n", 4 [pid 2381] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2384] <... write resumed>) = 4 [pid 2381] <... futex resumed>) = 0 [pid 2384] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2384] <... futex resumed>) = 0 [pid 2381] <... futex resumed>) = 0 [pid 2384] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2381] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2394]}, 88) = 2394 [pid 2381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2381] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2381] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2377] <... futex resumed>) = 1 [pid 2376] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2394 attached [pid 2394] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2394] write(4, "#! \n", 4) = 4 [pid 2394] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2381] <... futex resumed>) = 0 [pid 2381] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2384] <... futex resumed>) = 0 [pid 2381] <... futex resumed>) = 1 [pid 2384] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2381] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2384] <... mmap resumed>) = 0x200000000000 [pid 2384] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2381] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2396 attached ./strace-static-x86_64: Process 2395 attached [pid 2394] <... futex resumed>) = 1 [pid 2381] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2376] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2395 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2396 [pid 2396] set_robust_list(0x555594a056a0, 24 [pid 2395] set_robust_list(0x555594a056a0, 24 [pid 2377] <... openat resumed>) = 4 [pid 2376] <... futex resumed>) = 0 [pid 2396] <... set_robust_list resumed>) = 0 [pid 2395] <... set_robust_list resumed>) = 0 [pid 2377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2396] chdir("./68" [pid 2395] chdir("./69" [pid 2377] <... futex resumed>) = 0 [pid 2376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2396] <... chdir resumed>) = 0 [pid 2395] <... chdir resumed>) = 0 [pid 2377] write(4, "#! \n", 4 [pid 2376] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2395] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2377] <... write resumed>) = 4 [pid 2376] <... futex resumed>) = 0 [pid 2396] <... prctl resumed>) = 0 [pid 2395] <... prctl resumed>) = 0 [pid 2377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] setpgid(0, 0 [pid 2395] setpgid(0, 0 [pid 2377] <... futex resumed>) = 0 [pid 2376] <... futex resumed>) = 0 [pid 2396] <... setpgid resumed>) = 0 [pid 2395] <... setpgid resumed>) = 0 [pid 2377] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2376] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2396] <... openat resumed>) = 3 [pid 2395] <... openat resumed>) = 3 [pid 2376] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2396] write(3, "1000", 4 [pid 2395] write(3, "1000", 4 [pid 2376] <... mprotect resumed>) = 0 [pid 2396] <... write resumed>) = 4 [pid 2395] <... write resumed>) = 4 [pid 2376] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2396] close(3 [pid 2395] close(3 [pid 2376] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2396] <... close resumed>) = 0 [pid 2395] <... close resumed>) = 0 [pid 2376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2396] symlink("/dev/binderfs", "./binderfs" [pid 2395] symlink("/dev/binderfs", "./binderfs" [pid 2396] <... symlink resumed>) = 0 [pid 2395] <... symlink resumed>) = 0 executing program [pid 2381] <... futex resumed>) = 0 [pid 2376] <... clone3 resumed> => {parent_tid=[2399]}, 88) = 2399 [pid 2396] write(1, "executing program\n", 18executing program [pid 2395] write(1, "executing program\n", 18 [pid 2376] rt_sigprocmask(SIG_SETMASK, [], [pid 2396] <... write resumed>) = 18 [pid 2395] <... write resumed>) = 18 [pid 2376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2396] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] <... futex resumed>) = 0 [pid 2395] <... futex resumed>) = 0 [pid 2394] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2381] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2376] <... futex resumed>) = 0 [pid 2396] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2395] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2376] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2396] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2395] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2395] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 2399 attached [pid 2396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2387] <... mount resumed>) = 0 [pid 2384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2399] set_robust_list(0x7f0aeccae9a0, 24 [pid 2396] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2395] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2387] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2381] <... futex resumed>) = ? [pid 2394] <... futex resumed>) = ? [pid 2399] <... set_robust_list resumed>) = 0 [pid 2396] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2395] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2387] <... openat resumed>) = 3 [pid 2399] rt_sigprocmask(SIG_SETMASK, [], [pid 2396] <... mprotect resumed>) = 0 [pid 2395] <... mprotect resumed>) = 0 [pid 2394] +++ killed by SIGBUS +++ [pid 2387] chdir("./file2" [pid 2399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2396] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2395] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2387] <... chdir resumed>) = 0 [pid 2399] write(4, "#! \n", 4 [pid 2396] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2395] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2387] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2384] +++ killed by SIGBUS +++ [pid 2381] +++ killed by SIGBUS +++ [pid 2399] <... write resumed>) = 4 [pid 2396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2387] <... openat resumed>) = 4 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2381, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [ 55.340784][ T2384] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2399] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] ioctl(4, LOOP_CLR_FD [pid 2396] <... clone3 resumed> => {parent_tid=[2400]}, 88) = 2400 [pid 2387] <... ioctl resumed>) = 0 [pid 2376] <... futex resumed>) = 0 [pid 2376] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] close(4 [pid 290] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2400 attached [pid 2399] <... futex resumed>) = 1 [pid 2396] rt_sigprocmask(SIG_SETMASK, [], [pid 2395] <... clone3 resumed> => {parent_tid=[2401]}, 88) = 2401 [pid 2387] <... close resumed>) = 0 [pid 2377] <... futex resumed>) = 0 [pid 2376] <... futex resumed>) = 1 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2399] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2395] rt_sigprocmask(SIG_SETMASK, [], [pid 2387] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2376] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2396] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2387] <... futex resumed>) = 1 [pid 2377] <... mmap resumed>) = 0x200000000000 [pid 290] <... openat resumed>) = 3 [pid 2396] <... futex resumed>) = 0 [pid 2395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(3, "", [pid 2396] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2395] <... futex resumed>) = 0 [pid 2377] <... futex resumed>) = 1 [pid 2376] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2377] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2376] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(3, [pid 2377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2376] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 2401 attached [pid 2400] set_robust_list(0x7f0aecccf9a0, 24 [pid 2386] <... futex resumed>) = 0 [pid 2401] set_robust_list(0x7f0aecccf9a0, 24 [pid 2400] <... set_robust_list resumed>) = 0 [pid 2386] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... set_robust_list resumed>) = 0 [pid 2400] rt_sigprocmask(SIG_SETMASK, [], [pid 2387] <... futex resumed>) = 0 [pid 2386] <... futex resumed>) = 1 [pid 2401] rt_sigprocmask(SIG_SETMASK, [], [pid 2400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2387] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2386] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2400] memfd_create("syzkaller", 0 [pid 2401] memfd_create("syzkaller", 0 [pid 2400] <... memfd_create resumed>) = 3 [pid 2401] <... memfd_create resumed>) = 3 [pid 2400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2400] <... mmap resumed>) = 0x7f0ae48af000 [pid 2401] <... mmap resumed>) = 0x7f0ae48af000 [pid 2400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2400] <... write resumed>) = 524288 [pid 2387] <... openat resumed>) = 4 [pid 2376] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2387] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2400] munmap(0x7f0ae48af000, 138412032 [pid 2387] <... futex resumed>) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2401] <... write resumed>) = 524288 [pid 2400] <... munmap resumed>) = 0 [pid 2399] <... futex resumed>) = ? [pid 2386] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2376] <... futex resumed>) = ? [pid 2387] write(4, "#! \n", 4 [pid 2400] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2399] +++ killed by SIGBUS +++ [pid 2386] <... futex resumed>) = 0 [pid 2400] <... openat resumed>) = 4 [pid 2387] <... write resumed>) = 4 [pid 2386] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] +++ killed by SIGBUS +++ [pid 2376] +++ killed by SIGBUS +++ [pid 2401] munmap(0x7f0ae48af000, 138412032 [pid 2400] ioctl(4, LOOP_SET_FD, 3 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2376, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2387] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... munmap resumed>) = 0 [pid 2386] <... futex resumed>) = 0 [pid 2387] <... futex resumed>) = 0 [pid 2386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2387] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2401] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2386] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2402 attached => {parent_tid=[2402]}, 88) = 2402 [pid 2402] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2402] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2386] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2402] <... futex resumed>) = 0 [pid 2386] <... futex resumed>) = 1 [pid 2402] write(4, "#! \n", 4 [pid 2386] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2402] <... write resumed>) = 4 [pid 2402] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2402] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2387] <... futex resumed>) = 0 [pid 2387] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2387] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2386] <... futex resumed>) = 0 [pid 2387] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2386] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2386] <... futex resumed>) = 0 [pid 2386] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... restart_syscall resumed>) = 0 [pid 2387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2402] <... futex resumed>) = ? [pid 2386] <... futex resumed>) = ? [pid 287] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2402] +++ killed by SIGBUS +++ [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2387] +++ killed by SIGBUS +++ [pid 2386] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2386, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2401] <... openat resumed>) = 4 [pid 2400] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2401] ioctl(4, LOOP_SET_FD, 3 [pid 2400] close(3 [pid 290] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2400] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2400] close(4 [pid 290] newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... restart_syscall resumed>) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./69/file2" [pid 288] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... rmdir resumed>) = 0 [pid 290] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./69/binderfs", [pid 288] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./69/binderfs" [pid 288] <... openat resumed>) = 3 [pid 290] <... unlink resumed>) = 0 [pid 290] getdents64(3, [pid 288] newfstatat(3, "", [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./69" [pid 288] getdents64(3, [pid 290] <... rmdir resumed>) = 0 [pid 290] mkdir("./70", 0777) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2401] <... ioctl resumed>) = 0 [pid 2401] close(3) = 0 [pid 2401] close(4) = 0 [pid 2401] mkdir("./file2", 0777) = 0 [ 55.392992][ T2377] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 55.415517][ T2387] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2401] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue") = 0 [pid 2401] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2401] chdir("./file2") = 0 [pid 2401] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2400] <... close resumed>) = 0 [pid 2400] mkdir("./file2", 0777) = 0 [pid 2400] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 290] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2407 ./strace-static-x86_64: Process 2407 attached [pid 2407] set_robust_list(0x555594a056a0, 24) = 0 [pid 2407] chdir("./70") = 0 [pid 2407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2407] setpgid(0, 0) = 0 [pid 2407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2407] write(3, "1000", 4) = 4 [pid 2407] close(3) = 0 [pid 2407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2407] write(1, "executing program\n", 18) = 18 [pid 2407] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2407] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2408]}, 88) = 2408 [pid 2407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2408 attached [pid 2408] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2408] memfd_create("syzkaller", 0) = 3 [pid 2408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... umount2 resumed>) = 0 [pid 2401] <... openat resumed>) = 4 [pid 287] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2401] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2401] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2401] close(4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./71/file2", [pid 2401] <... close resumed>) = 0 [pid 2408] <... write resumed>) = 524288 [pid 2408] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2408] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2408] ioctl(4, LOOP_SET_FD, 3 [pid 288] newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./67/file2" [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2401] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2395] <... futex resumed>) = 0 [pid 2401] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2395] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 2395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2401] <... openat resumed>) = 4 [pid 2401] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... openat resumed>) = 4 [pid 2401] <... futex resumed>) = 1 [pid 2395] <... futex resumed>) = 0 [pid 287] newfstatat(4, "", [pid 2401] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2395] <... futex resumed>) = 0 [pid 2401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] getdents64(4, [pid 2395] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] write(4, "#! \n", 4 [pid 2395] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2401] <... write resumed>) = 4 [pid 2395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] newfstatat(AT_FDCWD, "./67/binderfs", [pid 287] getdents64(4, [pid 2401] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2395] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2401] <... futex resumed>) = 0 [pid 2395] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] close(4 [pid 2401] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2395] <... mprotect resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2395] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] rmdir("./71/file2" [pid 2395] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./67/binderfs"executing program [pid 2395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] <... unlink resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2395] <... clone3 resumed> => {parent_tid=[2410]}, 88) = 2410 [pid 288] close(3 [pid 2395] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./67") = 0 [pid 288] mkdir("./68", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2411 ./strace-static-x86_64: Process 2410 attached [pid 2410] set_robust_list(0x7f0aeccae9a0, 24 [pid 2395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] newfstatat(AT_FDCWD, "./71/binderfs", [pid 2410] <... set_robust_list resumed>) = 0 [pid 2410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2410] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2411 attached [pid 2411] set_robust_list(0x555594a056a0, 24) = 0 [pid 2411] chdir("./68") = 0 [pid 2411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2411] setpgid(0, 0) = 0 [pid 2411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2411] write(3, "1000", 4) = 4 [pid 2411] close(3) = 0 [pid 2411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2411] write(1, "executing program\n", 18) = 18 [pid 2411] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2411] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2395] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2395] <... futex resumed>) = 1 [pid 2410] <... futex resumed>) = 0 [pid 2410] write(4, "#! \n", 4) = 4 [pid 2410] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2410] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2412]}, 88) = 2412 [pid 2411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2411] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2412 attached [pid 2412] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2412] memfd_create("syzkaller", 0) = 3 [pid 2412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2395] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] unlink("./71/binderfs" [pid 2395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] <... unlink resumed>) = 0 [pid 2395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] <... futex resumed>) = 0 [pid 2395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2401] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 287] getdents64(3, [pid 2401] <... mmap resumed>) = 0x200000000000 [pid 2401] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2401] <... futex resumed>) = 1 [pid 2395] <... futex resumed>) = 0 [pid 2401] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] close(3 [pid 2395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] <... close resumed>) = 0 [pid 2395] <... futex resumed>) = 0 [pid 2412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2412] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2412] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2412] ioctl(4, LOOP_SET_FD, 3 [pid 2408] <... ioctl resumed>) = 0 [pid 2408] close(3) = 0 [pid 2408] close(4 [pid 287] rmdir("./71") = 0 [pid 287] mkdir("./72", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... ioctl resumed>) = 0 [pid 2408] <... close resumed>) = 0 [pid 2408] mkdir("./file2", 0777 [pid 287] <... openat resumed>) = 3 [pid 2412] close(3 [pid 2408] <... mkdir resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2412] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2412] close(4 [pid 2408] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2416 [pid 2400] <... mount resumed>) = 0 [pid 2400] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2400] chdir("./file2") = 0 [pid 2400] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2416 attached [pid 2416] set_robust_list(0x555594a056a0, 24 [pid 2401] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2416] <... set_robust_list resumed>) = 0 [pid 2410] <... futex resumed>) = ? [pid 2395] <... futex resumed>) = ? [pid 2410] +++ killed by SIGBUS +++ [pid 2416] chdir("./72") = 0 [pid 2416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2416] setpgid(0, 0) = 0 [pid 2416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2401] +++ killed by SIGBUS +++ [pid 2395] +++ killed by SIGBUS +++ [pid 2416] <... openat resumed>) = 3 [pid 2416] write(3, "1000", 4) = 4 [pid 2416] close(3executing program ) = 0 [pid 2416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2416] write(1, "executing program\n", 18) = 18 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2416] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2416] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2417]}, 88) = 2417 [pid 2416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2416] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2417 attached [pid 2417] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2417] memfd_create("syzkaller", 0) = 3 [pid 2417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2417] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2417] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2412] <... close resumed>) = 0 [pid 2412] mkdir("./file2", 0777) = 0 [pid 2400] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 2400] ioctl(4, LOOP_CLR_FD [pid 2412] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2400] <... ioctl resumed>) = 0 [pid 291] newfstatat(3, "", [pid 2400] close(4 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2400] <... close resumed>) = 0 [pid 2400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(3, [pid 2400] <... futex resumed>) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2400] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2396] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2400] <... openat resumed>) = 4 [pid 291] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2396] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2396] <... futex resumed>) = 0 [pid 2400] write(4, "#! \n", 4 [pid 2396] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2400] <... write resumed>) = 4 [pid 2396] <... futex resumed>) = 0 [pid 2400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2396] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2400] <... futex resumed>) = 0 [pid 2396] <... clone3 resumed> => {parent_tid=[2419]}, 88) = 2419 [pid 2396] rt_sigprocmask(SIG_SETMASK, [], [pid 2400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2396] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2396] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2419 attached [pid 2419] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2419] write(4, "#! \n", 4) = 4 [pid 2419] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2400] <... futex resumed>) = 0 [pid 2396] <... futex resumed>) = 1 [pid 2400] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2396] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2400] <... mmap resumed>) = 0x200000000000 [pid 2400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2396] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2419] <... futex resumed>) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2419] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2396] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... mount resumed>) = 0 [pid 2412] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2412] chdir("./file2") = 0 [pid 2412] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2408] <... mount resumed>) = 0 [pid 2408] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2408] chdir("./file2") = 0 [ 55.562977][ T2401] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2408] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2419] <... futex resumed>) = ? [pid 2396] <... futex resumed>) = ? [pid 2419] +++ killed by SIGBUS +++ [pid 2400] +++ killed by SIGBUS +++ [pid 2396] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./69/file2") = 0 [pid 291] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./69/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./69" [pid 2417] <... openat resumed>) = 4 [pid 291] <... rmdir resumed>) = 0 [pid 2417] ioctl(4, LOOP_SET_FD, 3 [pid 2412] <... openat resumed>) = 4 [pid 2408] <... openat resumed>) = 4 [pid 291] mkdir("./70", 0777 [pid 2412] ioctl(4, LOOP_CLR_FD [pid 2408] ioctl(4, LOOP_CLR_FD [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2417] <... ioctl resumed>) = 0 [pid 2412] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 2417] close(3 [pid 2412] close(4 [pid 2408] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 289] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2417] <... close resumed>) = 0 [pid 2412] <... close resumed>) = 0 [pid 2408] close(4 [pid 291] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2417] close(4 [pid 2412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./68/file2", [pid 2412] <... futex resumed>) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2411] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2412] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2411] <... futex resumed>) = 0 [pid 289] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2411] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... openat resumed>) = 4 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2424 [pid 2412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2424 attached [pid 2424] set_robust_list(0x555594a056a0, 24) = 0 [pid 2424] chdir("./70") = 0 [pid 2412] <... futex resumed>) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2411] <... futex resumed>) = 0 [pid 2412] write(4, "#! \n", 4 [pid 2411] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 2424] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2412] <... write resumed>) = 4 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", [pid 2412] <... futex resumed>) = 0 [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] <... prctl resumed>) = 0 [pid 2411] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2411] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2424] setpgid(0, 0 [pid 2411] <... mprotect resumed>) = 0 [pid 289] getdents64(4, [pid 2424] <... setpgid resumed>) = 0 [pid 2411] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2411] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] getdents64(4, [pid 2424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2411] <... clone3 resumed> => {parent_tid=[2425]}, 88) = 2425 [pid 2411] rt_sigprocmask(SIG_SETMASK, [], [pid 289] close(4 [pid 2411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2411] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 2411] <... futex resumed>) = 0 [pid 2411] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] rmdir("./68/file2" [pid 2424] <... openat resumed>) = 3 [pid 2424] write(3, "1000", 4) = 4 [pid 2424] close(3 [pid 289] <... rmdir resumed>) = 0 [pid 2424] <... close resumed>) = 0 [pid 2424] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 289] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2424] write(1, "executing program\n", 18) = 18 [pid 2424] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2424] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2424] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2425 attached [pid 2424] <... mprotect resumed>) = 0 [pid 2424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2426]}, 88) = 2426 [pid 2424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2424] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2424] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2426 attached [pid 2426] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2426] memfd_create("syzkaller", 0) = 3 [pid 2426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 289] newfstatat(AT_FDCWD, "./68/binderfs", [pid 2425] set_robust_list(0x7f0aeccae9a0, 24 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./68/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./68") = 0 [pid 289] mkdir("./69", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2425] <... set_robust_list resumed>) = 0 [pid 2425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2425] write(4, "#! \n", 4) = 4 [pid 2426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2425] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2411] <... futex resumed>) = 0 [pid 2425] <... futex resumed>) = 1 [pid 2411] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2412] <... futex resumed>) = 0 [pid 2411] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.600160][ T2400] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2412] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2411] <... futex resumed>) = 0 [pid 2426] <... write resumed>) = 524288 [pid 2426] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2426] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2425] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2411] <... futex resumed>) = ? [pid 2425] <... futex resumed>) = ? [pid 2425] +++ killed by SIGBUS +++ [pid 2412] +++ killed by SIGBUS +++ [pid 2411] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2411, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2417] <... close resumed>) = 0 [pid 2408] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2426] <... openat resumed>) = 4 [pid 2426] ioctl(4, LOOP_SET_FD, 3 [pid 2417] mkdir("./file2", 0777 [pid 2408] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] ioctl(3, LOOP_CLR_FD [pid 2408] <... futex resumed>) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2426] <... ioctl resumed>) = 0 [pid 2426] close(3 [pid 2417] <... mkdir resumed>) = 0 [pid 2407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2417] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2408] <... openat resumed>) = 4 [pid 2407] <... futex resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... restart_syscall resumed>) = 0 [pid 2408] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] close(3 [pid 2408] <... futex resumed>) = 0 [pid 2407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2408] write(4, "#! \n", 4 [pid 2407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 2407] <... futex resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2408] <... write resumed>) = 4 [pid 2407] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2407] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2408] <... futex resumed>) = 0 [pid 2407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2408] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 288] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2407] <... mmap resumed>) = 0x7f0aecc8e000 [pid 288] <... openat resumed>) = 3 [pid 2407] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] newfstatat(3, "", ./strace-static-x86_64: Process 2428 attached [pid 2407] <... mprotect resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2407] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] getdents64(3, [pid 2407] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2428 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2417] <... mount resumed>) = 0 [pid 2417] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2407] <... clone3 resumed> => {parent_tid=[2429]}, 88) = 2429 [pid 2417] <... openat resumed>) = 3 [pid 2407] rt_sigprocmask(SIG_SETMASK, [], [pid 2417] chdir("./file2" [pid 2407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2417] <... chdir resumed>) = 0 [pid 2407] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2407] <... futex resumed>) = 0 [pid 2417] <... openat resumed>) = 4 [pid 2407] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] ioctl(4, LOOP_CLR_FD) = 0 [pid 2417] close(4) = 0 [pid 2417] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2416] <... futex resumed>) = 0 [pid 2417] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2416] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2426] <... close resumed>) = 0 [pid 2426] close(4 [pid 2417] <... openat resumed>) = 4 [pid 2417] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2416] <... futex resumed>) = 0 [pid 2417] write(4, "#! \n", 4 [pid 2416] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... write resumed>) = 4 [pid 2416] <... futex resumed>) = 0 [pid 2417] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2417] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2432]}, 88) = 2432 [pid 2416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2416] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2428] set_robust_list(0x555594a056a0, 24) = 0 [pid 2428] chdir("./69") = 0 [pid 2428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2428] setpgid(0, 0) = 0 [pid 2428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 2432 attached ./strace-static-x86_64: Process 2429 attached ) = 3 [pid 2429] set_robust_list(0x7f0aeccae9a0, 24 [pid 2428] write(3, "1000", 4 [pid 2429] <... set_robust_list resumed>) = 0 [pid 2428] <... write resumed>) = 4 [pid 2432] set_robust_list(0x7f0aeccae9a0, 24 [pid 2429] rt_sigprocmask(SIG_SETMASK, [], [pid 2428] close(3) = 0 [pid 2429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2432] <... set_robust_list resumed>) = 0 [pid 2428] symlink("/dev/binderfs", "./binderfs" [pid 2429] write(4, "#! \n", 4 [pid 2428] <... symlink resumed>) = 0 [pid 2432] rt_sigprocmask(SIG_SETMASK, [], [pid 2429] <... write resumed>) = 4 executing program [pid 2428] write(1, "executing program\n", 18) = 18 [pid 2432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2429] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2407] <... futex resumed>) = 0 [pid 2432] write(4, "#! \n", 4 [pid 2429] <... futex resumed>) = 1 [pid 2428] <... futex resumed>) = 0 [pid 2407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2432] <... write resumed>) = 4 [pid 2429] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2408] <... futex resumed>) = 0 [pid 2407] <... futex resumed>) = 1 [pid 2432] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2408] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2408] <... mmap resumed>) = 0x200000000000 [pid 2432] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2416] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 1 [ 55.647819][ T2412] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2408] <... futex resumed>) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2428] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2417] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2416] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] <... mprotect resumed>) = 0 [pid 2417] <... mmap resumed>) = 0x200000000000 [pid 2408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2407] <... futex resumed>) = 0 [pid 2428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2417] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2417] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2416] <... futex resumed>) = 0 [pid 2408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2416] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 1 [pid 2428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2407] <... futex resumed>) = ? [pid 2428] <... clone3 resumed> => {parent_tid=[2433]}, 88) = 2433 [pid 2428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2428] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2428] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2429] <... futex resumed>) = ? [pid 2429] +++ killed by SIGBUS +++ [pid 2408] +++ killed by SIGBUS +++ [pid 2407] +++ killed by SIGBUS +++ [pid 2416] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 2433 attached [pid 2433] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2433] memfd_create("syzkaller", 0) = 3 [pid 2433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2433] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2433] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 290] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2416] <... futex resumed>) = ? [pid 2432] <... futex resumed>) = ? [pid 290] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2432] +++ killed by SIGBUS +++ [pid 2417] +++ killed by SIGBUS +++ [pid 2416] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2426] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2426] mkdir("./file2", 0777 [pid 287] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2426] <... mkdir resumed>) = 0 [pid 287] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2426] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./68/file2") = 0 [pid 288] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./68/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./68") = 0 [pid 288] mkdir("./69", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2433] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./72/file2", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(4, "", [pid 287] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... openat resumed>) = 4 [pid 290] getdents64(4, [pid 287] newfstatat(4, "", [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] close(4 [pid 287] getdents64(4, [pid 290] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./70/file2" [pid 287] close(4 [pid 290] <... rmdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] rmdir("./72/file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... rmdir resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./70/binderfs", [pid 287] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] unlink("./70/binderfs" [pid 287] newfstatat(AT_FDCWD, "./72/binderfs", [pid 2433] ioctl(4, LOOP_SET_FD, 3 [pid 290] <... unlink resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] getdents64(3, [pid 287] unlink("./72/binderfs" [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... unlink resumed>) = 0 [pid 290] close(3 [pid 287] getdents64(3, [pid 290] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./70" [pid 287] close(3 [pid 290] <... rmdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] mkdir("./71", 0777 [pid 287] rmdir("./72" [pid 290] <... mkdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] mkdir("./73", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2426] <... mount resumed>) = 0 [pid 2426] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2426] chdir("./file2") = 0 [pid 2426] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2433] <... ioctl resumed>) = 0 [pid 2433] close(3) = 0 [pid 2433] close(4 [pid 290] <... openat resumed>) = 3 [ 55.694531][ T2408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 55.710039][ T2417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] ioctl(3, LOOP_CLR_FDexecuting program [pid 2433] <... close resumed>) = 0 [pid 2426] <... openat resumed>) = 4 [pid 2433] mkdir("./file2", 0777 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2433] <... mkdir resumed>) = 0 [pid 288] close(3 [pid 2433] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... openat resumed>) = 3 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2437 ./strace-static-x86_64: Process 2437 attached [pid 2437] set_robust_list(0x555594a056a0, 24) = 0 [pid 2437] chdir("./69") = 0 [pid 2437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2437] setpgid(0, 0) = 0 [pid 2437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] close(3 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2437] write(3, "1000", 4) = 4 [pid 2437] close(3) = 0 [pid 2437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2437] write(1, "executing program\n", 18) = 18 [pid 2437] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2437] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2438]}, 88) = 2438 [pid 2437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2437] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2438 attached [pid 2438] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2438] memfd_create("syzkaller", 0) = 3 [pid 2438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] close(3 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2440 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2439 [pid 2426] ioctl(4, LOOP_CLR_FD) = 0 [pid 2426] close(4) = 0 [pid 2426] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2426] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2426] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2424] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] <... write resumed>) = 524288 [pid 2438] munmap(0x7f0ae48af000, 138412032 [pid 2426] <... openat resumed>) = 4 [pid 2426] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] <... munmap resumed>) = 0 [pid 2438] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2438] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2439 attached [pid 2439] set_robust_list(0x555594a056a0, 24) = 0 [pid 2426] <... futex resumed>) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2424] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] write(4, "#! \n", 4 [pid 2424] <... futex resumed>) = 0 [pid 2424] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] <... write resumed>) = 4 [pid 2424] <... futex resumed>) = 0 [pid 2439] chdir("./73" [pid 2426] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2439] <... chdir resumed>) = 0 [pid 2439] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2426] <... futex resumed>) = 0 [pid 2424] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2439] <... prctl resumed>) = 0 [pid 2426] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2439] setpgid(0, 0 [pid 2424] <... mprotect resumed>) = 0 [pid 2439] <... setpgid resumed>) = 0 [pid 2424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2424] <... clone3 resumed> => {parent_tid=[2443]}, 88) = 2443 [pid 2424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2439] <... openat resumed>) = 3 [pid 2424] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2439] write(3, "1000", 4 [pid 2424] <... futex resumed>) = 0 [pid 2424] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2439] <... write resumed>) = 4 [pid 2439] close(3) = 0 [pid 2439] symlink("/dev/binderfs", "./binderfs"executing program ./strace-static-x86_64: Process 2440 attached ) = 0 [pid 2439] write(1, "executing program\n", 18) = 18 [pid 2439] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2439] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2440] set_robust_list(0x555594a056a0, 24 [pid 2439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2440] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 2443 attached [pid 2439] <... clone3 resumed> => {parent_tid=[2445]}, 88) = 2445 [pid 2439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2439] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2439] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2438] <... ioctl resumed>) = 0 [pid 2438] close(3) = 0 [pid 2438] close(4./strace-static-x86_64: Process 2445 attached [pid 2445] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2445] memfd_create("syzkaller", 0) = 3 [pid 2445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2445] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2445] ioctl(4, LOOP_SET_FD, 3 [pid 2440] chdir("./71") = 0 [pid 2440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2440] setpgid(0, 0) = 0 [pid 2440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2433] <... mount resumed>) = 0 [pid 2433] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2440] <... openat resumed>) = 3 [pid 2440] write(3, "1000", 4) = 4 [pid 2440] close(3) = 0 [pid 2440] symlink("/dev/binderfs", "./binderfs"executing program [pid 2433] <... openat resumed>) = 3 [pid 2440] <... symlink resumed>) = 0 [pid 2440] write(1, "executing program\n", 18) = 18 [pid 2440] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2433] chdir("./file2" [pid 2440] <... futex resumed>) = 0 [pid 2440] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2440] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2440] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2443] set_robust_list(0x7f0aeccae9a0, 24 [pid 2433] <... chdir resumed>) = 0 [pid 2440] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2433] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2447]}, 88) = 2447 [pid 2440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2440] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2440] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2445] <... ioctl resumed>) = 0 [pid 2445] close(3) = 0 [pid 2445] close(4 [pid 2443] <... set_robust_list resumed>) = 0 [pid 2443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2443] write(4, "#! \n", 4) = 4 [pid 2443] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2443] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2424] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2426] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 2447 attached [pid 2447] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2426] <... mmap resumed>) = 0x200000000000 [pid 2447] rt_sigprocmask(SIG_SETMASK, [], [pid 2426] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2426] <... futex resumed>) = 1 [pid 2424] <... futex resumed>) = 0 [pid 2426] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2424] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2424] <... futex resumed>) = 0 [pid 2447] memfd_create("syzkaller", 0) = 3 [pid 2424] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2447] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2447] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2426] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2443] <... futex resumed>) = ? [pid 2424] <... futex resumed>) = ? [pid 2443] +++ killed by SIGBUS +++ [pid 2426] +++ killed by SIGBUS +++ [pid 2424] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2424, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2438] <... close resumed>) = 0 [pid 2433] <... openat resumed>) = 4 [pid 2438] mkdir("./file2", 0777 [pid 2433] ioctl(4, LOOP_CLR_FD [pid 2438] <... mkdir resumed>) = 0 [ 55.823046][ T2426] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2438] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2447] <... openat resumed>) = 4 [pid 2445] <... close resumed>) = 0 [pid 2445] mkdir("./file2", 0777) = 0 [pid 2445] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2447] ioctl(4, LOOP_SET_FD, 3 [pid 2433] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 2433] close(4 [pid 291] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2433] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2433] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./70/file2", [pid 2433] <... futex resumed>) = 1 [pid 2428] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2433] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2428] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2433] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2428] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2433] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 2433] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 2433] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2433] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./70/file2") = 0 [pid 291] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./70/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3 [pid 2428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./70") = 0 [pid 291] mkdir("./71", 0777 [pid 2428] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2448 [pid 2428] <... futex resumed>) = 1 [pid 2433] <... futex resumed>) = 0 [pid 2433] write(4, "#! \n", 4 [pid 2428] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2433] <... write resumed>) = 4 [pid 2428] <... futex resumed>) = 0 [pid 2433] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2433] <... futex resumed>) = 0 [pid 2428] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2433] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2448 attached [pid 2448] set_robust_list(0x555594a056a0, 24 [pid 2428] <... clone3 resumed> => {parent_tid=[2451]}, 88) = 2451 [pid 2428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2428] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2428] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2448] <... set_robust_list resumed>) = 0 [pid 2448] chdir("./71") = 0 [pid 2448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2448] setpgid(0, 0) = 0 [pid 2448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2448] write(3, "1000", 4) = 4 [pid 2448] close(3) = 0 [pid 2448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2448] write(1, "executing program\n", 18executing program ) = 18 [pid 2448] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2448] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2448] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2453]}, 88) = 2453 [pid 2448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2448] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2448] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2451 attached [pid 2451] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2451] write(4, "#! \n", 4 [pid 2438] <... mount resumed>) = 0 [pid 2438] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2447] <... ioctl resumed>) = 0 [pid 2438] <... openat resumed>) = 3 [pid 2447] close(3 [pid 2438] chdir("./file2" [pid 2447] <... close resumed>) = 0 [pid 2447] close(4 [pid 2451] <... write resumed>) = 4 [pid 2438] <... chdir resumed>) = 0 [pid 2451] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2451] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2453 attached [pid 2445] <... mount resumed>) = 0 [pid 2438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2428] <... futex resumed>) = 0 [pid 2453] set_robust_list(0x7f0aecccf9a0, 24 [pid 2445] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2428] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2453] <... set_robust_list resumed>) = 0 [pid 2445] <... openat resumed>) = 3 [pid 2433] <... futex resumed>) = 0 [pid 2428] <... futex resumed>) = 1 [pid 2453] rt_sigprocmask(SIG_SETMASK, [], [pid 2445] chdir("./file2" [pid 2433] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2428] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2445] <... chdir resumed>) = 0 [pid 2433] <... mmap resumed>) = 0x200000000000 [pid 2453] memfd_create("syzkaller", 0 [pid 2445] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2433] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2453] <... memfd_create resumed>) = 3 [pid 2433] <... futex resumed>) = 1 [pid 2428] <... futex resumed>) = 0 [pid 2433] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2428] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2428] <... futex resumed>) = 0 [pid 2453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2453] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2453] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2428] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2433] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2451] <... futex resumed>) = ? [pid 2428] <... futex resumed>) = ? [pid 2451] +++ killed by SIGBUS +++ [pid 2433] +++ killed by SIGBUS +++ [pid 2428] +++ killed by SIGBUS +++ [pid 2447] <... close resumed>) = 0 [pid 2447] mkdir("./file2", 0777 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2428, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2447] <... mkdir resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2447] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2453] <... openat resumed>) = 4 [pid 2445] <... openat resumed>) = 4 [pid 2438] <... openat resumed>) = 4 [pid 2445] ioctl(4, LOOP_CLR_FD [pid 2438] ioctl(4, LOOP_CLR_FD [pid 2453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2445] <... ioctl resumed>) = 0 [pid 2438] <... ioctl resumed>) = 0 [pid 2445] close(4 [pid 2438] close(4 [pid 2445] <... close resumed>) = 0 [pid 2438] <... close resumed>) = 0 [pid 2445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] <... futex resumed>) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2438] <... futex resumed>) = 1 [pid 2437] <... futex resumed>) = 0 [pid 2445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2439] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2437] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2439] <... futex resumed>) = 0 [pid 2438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2437] <... futex resumed>) = 0 [pid 2439] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2437] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2445] <... openat resumed>) = 4 [pid 2453] close(3) = 0 [pid 2445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] <... openat resumed>) = 4 [pid 289] <... restart_syscall resumed>) = 0 [pid 2445] <... futex resumed>) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2438] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] <... futex resumed>) = 1 [pid 2445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2439] <... futex resumed>) = 0 [pid 2438] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2437] <... futex resumed>) = 0 [pid 2445] write(4, "#! \n", 4 [pid 2439] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2437] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] <... write resumed>) = 4 [pid 2439] <... futex resumed>) = 0 [pid 2438] <... futex resumed>) = 0 [pid 2437] <... futex resumed>) = 1 [pid 2445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2438] write(4, "#! \n", 4 [pid 2437] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] <... futex resumed>) = 0 [pid 2439] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2438] <... write resumed>) = 4 [pid 2437] <... futex resumed>) = 0 [pid 2439] <... mprotect resumed>) = 0 [pid 2438] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2439] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2438] <... futex resumed>) = 0 [pid 2439] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2437] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2438] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2437] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2437] <... mprotect resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2439] <... clone3 resumed> => {parent_tid=[2457]}, 88) = 2457 [pid 2437] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2439] rt_sigprocmask(SIG_SETMASK, [], [pid 2437] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] <... openat resumed>) = 3 [pid 2439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] newfstatat(3, "", [pid 2439] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2439] <... futex resumed>) = 0 [pid 2437] <... clone3 resumed> => {parent_tid=[2458]}, 88) = 2458 [pid 289] getdents64(3, [pid 2439] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2437] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2453] close(4./strace-static-x86_64: Process 2458 attached ./strace-static-x86_64: Process 2457 attached [pid 2437] <... futex resumed>) = 0 [pid 2437] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2457] set_robust_list(0x7f0aeccae9a0, 24 [pid 2458] set_robust_list(0x7f0aeccae9a0, 24 [pid 2457] <... set_robust_list resumed>) = 0 [pid 2458] <... set_robust_list resumed>) = 0 [pid 2457] rt_sigprocmask(SIG_SETMASK, [], [pid 2458] rt_sigprocmask(SIG_SETMASK, [], [pid 2457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2457] write(4, "#! \n", 4 [pid 2458] write(4, "#! \n", 4 [pid 2457] <... write resumed>) = 4 [pid 2458] <... write resumed>) = 4 [pid 2458] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2457] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2437] <... futex resumed>) = 0 [pid 2437] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] <... futex resumed>) = 0 [pid 2437] <... futex resumed>) = 1 [pid 2438] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2437] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2438] <... mmap resumed>) = 0x200000000000 [pid 2438] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2437] <... futex resumed>) = 0 [pid 2438] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2437] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2437] <... futex resumed>) = 0 [pid 2458] <... futex resumed>) = 1 [pid 2457] <... futex resumed>) = 1 [pid 2457] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2458] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] <... futex resumed>) = 0 [pid 2439] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2439] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... mount resumed>) = 0 [pid 2447] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2447] chdir("./file2") = 0 [pid 2447] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2445] <... futex resumed>) = 0 [pid 2445] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2445] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2439] <... futex resumed>) = 0 [pid 2445] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2439] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2439] <... futex resumed>) = 0 [pid 2438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2437] <... futex resumed>) = ? [pid 2458] <... futex resumed>) = ? [pid 2458] +++ killed by SIGBUS +++ [pid 2438] +++ killed by SIGBUS +++ [pid 2437] +++ killed by SIGBUS +++ [pid 2439] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 55.970949][ T2433] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 56.001225][ T2438] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2457] <... futex resumed>) = ? [pid 2439] <... futex resumed>) = ? [pid 2457] +++ killed by SIGBUS +++ [pid 2445] +++ killed by SIGBUS +++ [pid 2439] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2453] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./73/file2") = 0 [pid 287] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./73/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./73") = 0 [pid 287] mkdir("./74", 0777) = 0 [pid 2453] mkdir("./file2", 0777 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2453] <... mkdir resumed>) = 0 [ 56.011697][ T2445] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2453] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2447] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 2447] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2447] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... ioctl resumed>) = 0 [pid 2447] close(4 [pid 289] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] close(3 [pid 2447] <... close resumed>) = 0 [pid 2447] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... close resumed>) = 0 [pid 2447] <... futex resumed>) = 1 [pid 2440] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./69/file2", [pid 288] newfstatat(AT_FDCWD, "./69/file2", [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2447] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2440] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2440] <... futex resumed>) = 0 [pid 2447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2440] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2463 [pid 2447] <... openat resumed>) = 4 [pid 2447] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2447] <... futex resumed>) = 1 [pid 2440] <... futex resumed>) = 0 [pid 288] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2447] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2440] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2440] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2447] write(4, "#! \n", 4 [pid 2440] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2447] <... write resumed>) = 4 [pid 2440] <... futex resumed>) = 0 [pid 289] newfstatat(4, "", [pid 2447] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... openat resumed>) = 4 [pid 2447] <... futex resumed>) = 0 [pid 2440] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 2447] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2440] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2440] <... mprotect resumed>) = 0 [pid 2440] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 2440] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] getdents64(4, [pid 2440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 288] getdents64(4, [pid 2440] <... clone3 resumed> => {parent_tid=[2465]}, 88) = 2465 [pid 289] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2440] rt_sigprocmask(SIG_SETMASK, [], [pid 289] rmdir("./69/file2" [pid 288] close(4 [pid 2440] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 2465 attached ./strace-static-x86_64: Process 2463 attached [pid 2453] <... mount resumed>) = 0 [pid 2440] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2465] set_robust_list(0x7f0aeccae9a0, 24 [pid 2463] set_robust_list(0x555594a056a0, 24 [pid 2453] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2440] <... futex resumed>) = 0 [pid 289] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./69/file2" [pid 2465] <... set_robust_list resumed>) = 0 [pid 2463] <... set_robust_list resumed>) = 0 [pid 2453] <... openat resumed>) = 3 [pid 2440] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2453] chdir("./file2") = 0 [pid 2453] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] newfstatat(AT_FDCWD, "./69/binderfs", [pid 288] <... rmdir resumed>) = 0 [pid 2465] rt_sigprocmask(SIG_SETMASK, [], [pid 2463] chdir("./74" [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2463] <... chdir resumed>) = 0 [pid 289] unlink("./69/binderfs" [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2465] write(4, "#! \n", 4 [pid 2463] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] <... unlink resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./69/binderfs", [pid 2465] <... write resumed>) = 4 [pid 2463] <... prctl resumed>) = 0 [pid 289] getdents64(3, [pid 2465] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2465] <... futex resumed>) = 1 [pid 2463] setpgid(0, 0 [pid 2440] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] unlink("./69/binderfs" [pid 2440] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2447] <... futex resumed>) = 0 [pid 2440] <... futex resumed>) = 1 [pid 2465] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2463] <... setpgid resumed>) = 0 [pid 2447] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2440] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] close(3 [pid 288] <... unlink resumed>) = 0 [pid 2463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2447] <... mmap resumed>) = 0x200000000000 [pid 289] <... close resumed>) = 0 [pid 288] getdents64(3, [pid 2447] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] <... openat resumed>) = 3 [pid 2447] <... futex resumed>) = 1 [pid 2440] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] rmdir("./69" [pid 2440] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] write(3, "1000", 4) = 4 [pid 2463] close(3) = 0 executing program [pid 2463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2463] write(1, "executing program\n", 18) = 18 [pid 2463] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2463] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2463] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2466]}, 88) = 2466 [pid 2463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2463] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2463] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2466 attached [pid 2466] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2466] memfd_create("syzkaller", 0) = 3 [pid 2466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2466] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2466] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] close(3) = 0 [pid 288] rmdir("./69") = 0 [pid 288] mkdir("./70", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./70", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2440] <... futex resumed>) = 0 [pid 2440] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2465] <... futex resumed>) = ? [pid 2440] <... futex resumed>) = ? [pid 2465] +++ killed by SIGBUS +++ [pid 2466] <... openat resumed>) = 4 [pid 2466] ioctl(4, LOOP_SET_FD, 3 [pid 2447] +++ killed by SIGBUS +++ [pid 2440] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2466] <... ioctl resumed>) = 0 [pid 2466] close(3) = 0 [pid 2466] close(4 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2466] <... close resumed>) = 0 [pid 2466] mkdir("./file2", 0777 [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 2466] <... mkdir resumed>) = 0 [pid 2466] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 2466] <... mount resumed>) = 0 [pid 2466] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2466] chdir("./file2") = 0 [ 56.206928][ T2447] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2466] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2453] <... openat resumed>) = 4 [pid 2453] ioctl(4, LOOP_CLR_FD) = 0 [pid 2453] close(4) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2453] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2453] <... futex resumed>) = 1 [pid 2448] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2453] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2448] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./71/file2", [pid 2453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2448] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2466] <... openat resumed>) = 4 [pid 2453] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2448] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2466] ioctl(4, LOOP_CLR_FD [pid 2453] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] close(3 [pid 288] close(3 [pid 2466] <... ioctl resumed>) = 0 [pid 2453] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2466] close(4 [pid 2453] <... futex resumed>) = 1 [pid 2448] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2466] <... close resumed>) = 0 [pid 2453] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2448] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 2466] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2448] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2470 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2471 [pid 2466] <... futex resumed>) = 1 [pid 2463] <... futex resumed>) = 0 [pid 2453] write(4, "#! \n", 4 [pid 2448] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 2466] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2463] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2453] <... write resumed>) = 4 [pid 2448] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2466] <... openat resumed>) = 4 [pid 2463] <... futex resumed>) = 0 [pid 2453] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] getdents64(4, [pid 2466] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2453] <... futex resumed>) = 0 [pid 2448] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2466] <... futex resumed>) = 0 [pid 2463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2453] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2448] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] close(4 [pid 2466] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2463] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2448] <... mprotect resumed>) = 0 [pid 2466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2463] <... futex resumed>) = 0 [pid 2448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... close resumed>) = 0 [pid 2466] write(4, "#! \n", 4 [pid 2463] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] rmdir("./71/file2" [pid 2466] <... write resumed>) = 4 [pid 2463] <... futex resumed>) = 0 [pid 2448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2472 attached ./strace-static-x86_64: Process 2470 attached [pid 2466] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... rmdir resumed>) = 0 [pid 2466] <... futex resumed>) = 0 [pid 2463] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2448] <... clone3 resumed> => {parent_tid=[2472]}, 88) = 2472 [pid 2466] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2463] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2448] rt_sigprocmask(SIG_SETMASK, [], [pid 290] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2463] <... mprotect resumed>) = 0 [pid 2448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2470] set_robust_list(0x555594a056a0, 24 [pid 2463] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2448] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2471 attached [pid 2470] <... set_robust_list resumed>) = 0 [pid 2463] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2448] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./71/binderfs", [pid 2471] set_robust_list(0x555594a056a0, 24 [pid 2463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2448] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2471] <... set_robust_list resumed>) = 0 [pid 2471] chdir("./70" [pid 2470] chdir("./70" [pid 2463] <... clone3 resumed> => {parent_tid=[2473]}, 88) = 2473 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2471] <... chdir resumed>) = 0 [pid 2463] rt_sigprocmask(SIG_SETMASK, [], [pid 290] unlink("./71/binderfs" [pid 2471] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2470] <... chdir resumed>) = 0 [pid 2463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2471] <... prctl resumed>) = 0 [pid 2463] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] setpgid(0, 0 [pid 2470] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2463] <... futex resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 2471] <... setpgid resumed>) = 0 [pid 2463] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2472] set_robust_list(0x7f0aeccae9a0, 24 [pid 2471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2470] <... prctl resumed>) = 0 [pid 290] getdents64(3, [pid 2470] setpgid(0, 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2471] <... openat resumed>) = 3 [pid 2470] <... setpgid resumed>) = 0 executing program [pid 290] close(3 [pid 2471] write(3, "1000", 4 [pid 290] <... close resumed>) = 0 [pid 2471] <... write resumed>) = 4 [pid 2470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] rmdir("./71" [pid 2471] close(3) = 0 [pid 2471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2470] <... openat resumed>) = 3 [pid 2471] write(1, "executing program\n", 18 [pid 2470] write(3, "1000", 4 [pid 290] mkdir("./72", 0777 [pid 2471] <... write resumed>) = 18 [pid 2471] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] <... mkdir resumed>) = 0 [pid 2470] <... write resumed>) = 4 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... openat resumed>) = 3 [pid 2470] close(3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2470] <... close resumed>) = 0 [pid 290] close(3 [pid 2471] <... mmap resumed>) = 0x7f0aeccaf000 [pid 290] <... close resumed>) = 0 [pid 2471] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2474]}, 88) = 2474 [pid 2471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2473 attached [pid 2473] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2473] write(4, "#! \n", 4) = 4 [pid 2473] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2463] <... futex resumed>) = 0 [pid 2473] <... futex resumed>) = 1 [pid 2463] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2473] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2466] <... futex resumed>) = 0 [pid 2463] <... futex resumed>) = 1 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2466] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2463] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2466] <... mmap resumed>) = 0x200000000000 [pid 2466] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2463] <... futex resumed>) = 0 [pid 2466] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2463] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2463] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2474 attached [pid 2472] <... set_robust_list resumed>) = 0 [pid 2470] symlink("/dev/binderfs", "./binderfs" [pid 2474] set_robust_list(0x7f0aecccf9a0, 24 [pid 2472] rt_sigprocmask(SIG_SETMASK, [], [pid 2470] <... symlink resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2475 [pid 2474] <... set_robust_list resumed>) = 0 [pid 2472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2470] write(1, "executing program\n", 18executing program [pid 2474] rt_sigprocmask(SIG_SETMASK, [], [pid 2472] write(4, "#! \n", 4 [pid 2470] <... write resumed>) = 18 [pid 2474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2472] <... write resumed>) = 4 [pid 2470] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2474] memfd_create("syzkaller", 0 [pid 2472] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2470] <... futex resumed>) = 0 [pid 2474] <... memfd_create resumed>) = 3 [pid 2472] <... futex resumed>) = 1 [pid 2470] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2472] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2474] <... mmap resumed>) = 0x7f0ae48af000 [pid 2470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 2475 attached NULL, 8) = 0 [pid 2466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2463] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2448] <... futex resumed>) = 0 [pid 2475] set_robust_list(0x555594a056a0, 24 [pid 2473] <... futex resumed>) = ? [pid 2463] <... futex resumed>) = ? [pid 2448] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... set_robust_list resumed>) = 0 [pid 2473] +++ killed by SIGBUS +++ [pid 2470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2453] <... futex resumed>) = 0 [pid 2448] <... futex resumed>) = 1 [pid 2475] chdir("./72" [pid 2474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2470] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2466] +++ killed by SIGBUS +++ [pid 2463] +++ killed by SIGBUS +++ [pid 2453] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2448] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2475] <... chdir resumed>) = 0 [pid 2470] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2453] <... mmap resumed>) = 0x200000000000 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2470] <... mprotect resumed>) = 0 [pid 2453] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... prctl resumed>) = 0 [pid 2453] <... futex resumed>) = 1 [pid 2448] <... futex resumed>) = 0 [pid 2475] setpgid(0, 0 [pid 2470] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2453] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2448] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... setpgid resumed>) = 0 [pid 2470] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2448] <... futex resumed>) = 0 [pid 2475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2474] <... write resumed>) = 524288 [pid 2470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2474] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2470] <... clone3 resumed> => {parent_tid=[2476]}, 88) = 2476 [pid 2474] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2470] rt_sigprocmask(SIG_SETMASK, [], [pid 2474] <... openat resumed>) = 4 [pid 2470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2474] ioctl(4, LOOP_SET_FD, 3 [pid 2470] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2448] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2475] <... openat resumed>) = 3 [pid 2475] write(3, "1000", 4) = 4 [pid 2475] close(3) = 0 [pid 2475] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2475] write(1, "executing program\n", 18) = 18 [pid 2475] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2475] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2477]}, 88) = 2477 [pid 2475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2475] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2476 attached [pid 2476] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2476] memfd_create("syzkaller", 0) = 3 [pid 2476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2476] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2476] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2477 attached [pid 2477] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2477] rt_sigprocmask(SIG_SETMASK, [], [pid 287] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2474] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2474] close(3 [pid 2472] <... futex resumed>) = ? [pid 2448] <... futex resumed>) = ? [pid 2476] <... openat resumed>) = 4 [pid 2474] <... close resumed>) = 0 [pid 2472] +++ killed by SIGBUS +++ [pid 2474] close(4 [pid 2476] ioctl(4, LOOP_SET_FD, 3 [pid 2474] <... close resumed>) = 0 [pid 2453] +++ killed by SIGBUS +++ [pid 2448] +++ killed by SIGBUS +++ [pid 2474] mkdir("./file2", 0777 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2448, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2474] <... mkdir resumed>) = 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2474] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2477] memfd_create("syzkaller", 0) = 3 [pid 2477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2477] <... write resumed>) = 524288 [pid 2477] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2474] <... mount resumed>) = 0 [pid 2477] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2474] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2474] chdir("./file2") = 0 [pid 2474] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", [pid 2474] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2474] ioctl(4, LOOP_CLR_FD [pid 2476] <... ioctl resumed>) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2476] close(3 [pid 287] getdents64(4, [pid 2476] <... close resumed>) = 0 [pid 2476] close(4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./74/file2") = 0 [pid 287] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./74/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./74") = 0 [pid 287] mkdir("./75", 0777) = 0 [ 56.325565][ T2466] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 56.345277][ T2453] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2477] <... openat resumed>) = 4 [pid 2474] <... ioctl resumed>) = 0 [pid 2476] <... close resumed>) = 0 [pid 2474] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2474] <... close resumed>) = 0 [pid 291] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] ioctl(3, LOOP_CLR_FD [pid 2474] <... futex resumed>) = 1 [pid 2471] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./71/file2", [pid 2474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2477] ioctl(4, LOOP_SET_FD, 3 [pid 2476] mkdir("./file2", 0777 [pid 2474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2471] <... futex resumed>) = 0 [pid 291] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2474] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(3 [pid 2476] <... mkdir resumed>) = 0 [pid 2474] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 4 [pid 2476] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2474] <... futex resumed>) = 1 [pid 2471] <... futex resumed>) = 0 [pid 291] newfstatat(4, "", [pid 2474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2471] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 2474] write(4, "#! \n", 4 [pid 2471] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2477] <... ioctl resumed>) = 0 [pid 2474] <... write resumed>) = 4 [pid 2471] <... futex resumed>) = 0 [pid 2477] close(3 [pid 2474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] getdents64(4, [pid 287] <... close resumed>) = 0 [pid 2477] <... close resumed>) = 0 [pid 2474] <... futex resumed>) = 0 [pid 2471] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2474] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2471] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] close(4 [pid 2471] <... mprotect resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2483 [pid 2471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] rmdir("./71/file2" [pid 2477] close(4 [pid 2471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2484 attached ./strace-static-x86_64: Process 2483 attached [pid 2471] <... clone3 resumed> => {parent_tid=[2484]}, 88) = 2484 [pid 291] newfstatat(AT_FDCWD, "./71/binderfs", [pid 2484] set_robust_list(0x7f0aeccae9a0, 24 [pid 2483] set_robust_list(0x555594a056a0, 24 [pid 2471] rt_sigprocmask(SIG_SETMASK, [], [pid 2484] <... set_robust_list resumed>) = 0 [pid 2483] <... set_robust_list resumed>) = 0 [pid 2471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2484] rt_sigprocmask(SIG_SETMASK, [], [pid 2483] chdir("./75" [pid 2484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2483] <... chdir resumed>) = 0 [pid 2471] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] unlink("./71/binderfs" [pid 2484] write(4, "#! \n", 4 [pid 2483] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2471] <... futex resumed>) = 0 [pid 2484] <... write resumed>) = 4 [pid 2483] <... prctl resumed>) = 0 [pid 2484] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2483] setpgid(0, 0 [pid 2471] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... unlink resumed>) = 0 [pid 2484] <... futex resumed>) = 0 [pid 2483] <... setpgid resumed>) = 0 [pid 2471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] getdents64(3, [pid 2484] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2483] <... openat resumed>) = 3 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2471] <... futex resumed>) = 1 [pid 2474] <... futex resumed>) = 0 [pid 2483] write(3, "1000", 4 [pid 2474] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] close(3 [pid 2483] <... write resumed>) = 4 [pid 2474] <... mmap resumed>) = 0x200000000000 [pid 2483] close(3 [pid 291] <... close resumed>) = 0 [pid 2483] <... close resumed>) = 0 executing program [pid 2474] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./71" [pid 2483] symlink("/dev/binderfs", "./binderfs" [pid 2474] <... futex resumed>) = 1 [pid 2471] <... futex resumed>) = 0 [pid 2483] <... symlink resumed>) = 0 [pid 2483] write(1, "executing program\n", 18 [pid 2471] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... rmdir resumed>) = 0 [pid 2483] <... write resumed>) = 18 [pid 2483] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2483] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2483] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2485]}, 88) = 2485 [pid 2483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] mkdir("./72", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 2485 attached [pid 2485] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2485] memfd_create("syzkaller", 0) = 3 [pid 2485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2485] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2484] <... futex resumed>) = ? [pid 2471] <... futex resumed>) = ? [pid 2484] +++ killed by SIGBUS +++ [pid 2476] <... mount resumed>) = 0 [pid 2474] +++ killed by SIGBUS +++ [pid 2476] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2471] +++ killed by SIGBUS +++ [pid 2476] <... openat resumed>) = 3 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2476] chdir("./file2") = 0 [pid 2476] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2477] <... close resumed>) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2477] mkdir("./file2", 0777) = 0 [pid 2477] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2488 ./strace-static-x86_64: Process 2488 attached [pid 2485] <... openat resumed>) = 4 [pid 2476] <... openat resumed>) = 4 [pid 2485] ioctl(4, LOOP_SET_FD, 3 [pid 2488] set_robust_list(0x555594a056a0, 24 [pid 2476] ioctl(4, LOOP_CLR_FD [pid 2488] <... set_robust_list resumed>) = 0 [pid 2488] chdir("./72") = 0 [pid 2488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2485] <... ioctl resumed>) = 0 [pid 2485] close(3) = 0 [ 56.456970][ T2474] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2485] close(4 [pid 2488] setpgid(0, 0) = 0 [pid 2488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2488] write(3, "1000", 4) = 4 [pid 2488] close(3) = 0 [pid 2488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2488] write(1, "executing program\n", 18executing program ) = 18 [pid 2477] <... mount resumed>) = 0 [pid 2477] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2477] chdir("./file2") = 0 [pid 2477] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2488] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2488] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2488] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2492]}, 88) = 2492 [pid 2488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2488] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2488] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2492 attached [pid 2492] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2492] memfd_create("syzkaller", 0) = 3 [pid 2492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2492] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2492] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2476] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./70/file2") = 0 [pid 288] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2477] <... openat resumed>) = 4 [pid 288] unlink("./70/binderfs" [pid 2477] ioctl(4, LOOP_CLR_FD [pid 2476] close(4 [pid 288] <... unlink resumed>) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./70") = 0 [pid 288] mkdir("./71", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2485] <... close resumed>) = 0 [pid 2492] <... openat resumed>) = 4 [pid 2492] ioctl(4, LOOP_SET_FD, 3 [pid 2485] mkdir("./file2", 0777) = 0 [pid 2485] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2477] <... ioctl resumed>) = 0 [pid 2476] <... close resumed>) = 0 [pid 2492] <... ioctl resumed>) = 0 [pid 2492] close(3) = 0 [pid 2492] close(4 [pid 2477] close(4 [pid 2476] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2476] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2470] <... futex resumed>) = 0 [pid 2476] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2470] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] <... openat resumed>) = 4 [pid 2476] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2476] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2470] <... futex resumed>) = 0 [pid 2476] write(4, "#! \n", 4 [pid 2470] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] <... write resumed>) = 4 [pid 2470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2476] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2470] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2476] <... futex resumed>) = 0 [pid 2470] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2476] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] <... mprotect resumed>) = 0 [pid 2470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2494 attached => {parent_tid=[2494]}, 88) = 2494 [pid 2494] set_robust_list(0x7f0aeccae9a0, 24 [pid 2470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2470] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2494] <... set_robust_list resumed>) = 0 [pid 2494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2494] write(4, "#! \n", 4) = 4 [pid 2494] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2470] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2494] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2476] <... futex resumed>) = 0 [pid 2470] <... futex resumed>) = 1 [pid 2476] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2470] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] <... mmap resumed>) = 0x200000000000 [pid 2476] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2476] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2470] <... futex resumed>) = 0 [pid 2470] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2494] <... futex resumed>) = ? [pid 2470] <... futex resumed>) = ? [pid 2494] +++ killed by SIGBUS +++ [pid 2476] +++ killed by SIGBUS +++ [pid 2470] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2492] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2492] mkdir("./file2", 0777 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2492] <... mkdir resumed>) = 0 [pid 2492] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2485] <... mount resumed>) = 0 [pid 2485] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2485] chdir("./file2") = 0 [ 56.587386][ T2476] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2477] <... close resumed>) = 0 [pid 2477] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2477] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2475] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2477] <... openat resumed>) = 4 [pid 2477] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2477] write(4, "#! \n", 4 [pid 2475] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2477] <... write resumed>) = 4 [pid 2475] <... futex resumed>) = 0 [pid 2477] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2477] <... futex resumed>) = 0 [pid 2475] <... futex resumed>) = 0 [pid 2477] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2475] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2497]}, 88) = 2497 [pid 2475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2475] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2497 attached [pid 2497] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2497] write(4, "#! \n", 4) = 4 [pid 2497] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... futex resumed>) = 0 [pid 2475] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2477] <... futex resumed>) = 0 [pid 2475] <... futex resumed>) = 1 [pid 2477] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2475] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2497] <... futex resumed>) = 1 [pid 2477] <... mmap resumed>) = 0x200000000000 [pid 2477] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2497] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2477] <... futex resumed>) = 1 [pid 2477] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] <... futex resumed>) = 0 [pid 2475] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2477] <... futex resumed>) = 0 [pid 2475] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2497] <... futex resumed>) = ? [pid 2475] <... futex resumed>) = ? [pid 2497] +++ killed by SIGBUS +++ [pid 2477] +++ killed by SIGBUS +++ [pid 2475] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2485] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 288] close(3 [pid 2485] ioctl(4, LOOP_CLR_FD [pid 289] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./70/file2") = 0 [pid 289] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./70/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./70") = 0 [pid 289] mkdir("./71", 0777) = 0 [ 56.662109][ T2477] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2492] <... mount resumed>) = 0 [pid 2492] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2492] chdir("./file2") = 0 [pid 2492] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2500 ./strace-static-x86_64: Process 2500 attached [pid 290] <... umount2 resumed>) = 0 [pid 2485] <... ioctl resumed>) = 0 [pid 2500] set_robust_list(0x555594a056a0, 24) = 0 [pid 2500] chdir("./71") = 0 [pid 2500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2500] setpgid(0, 0) = 0 [pid 2500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2500] write(3, "1000", 4) = 4 [pid 2500] close(3) = 0 [pid 2500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2500] write(1, "executing program\n", 18executing program ) = 18 [pid 2500] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2485] close(4 [pid 2492] <... openat resumed>) = 4 [pid 290] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2492] ioctl(4, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2492] <... ioctl resumed>) = 0 [pid 2485] <... close resumed>) = 0 [pid 2485] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./72/file2", [pid 2485] <... futex resumed>) = 1 [pid 2483] <... futex resumed>) = 0 [pid 2492] close(4 [pid 2485] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2492] <... close resumed>) = 0 [pid 2485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2483] <... futex resumed>) = 0 [pid 290] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2492] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... futex resumed>) = 1 [pid 2488] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2492] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2488] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2485] <... openat resumed>) = 4 [pid 2500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2488] <... futex resumed>) = 0 [pid 2485] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 4 [pid 2488] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... openat resumed>) = 4 [pid 2485] <... futex resumed>) = 1 [pid 2483] <... futex resumed>) = 0 [pid 2492] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 2485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2483] <... futex resumed>) = 0 [pid 2492] <... futex resumed>) = 1 [pid 2488] <... futex resumed>) = 0 [pid 2485] write(4, "#! \n", 4 [pid 2483] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2492] write(4, "#! \n", 4 [pid 2488] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] <... write resumed>) = 4 [pid 2483] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2492] <... write resumed>) = 4 [pid 2488] <... futex resumed>) = 0 [pid 2485] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 289] ioctl(3, LOOP_CLR_FD [pid 2483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2492] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2488] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] <... futex resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] close(3 [pid 2492] <... futex resumed>) = 0 [pid 2488] <... futex resumed>) = 0 [pid 2485] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2483] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] getdents64(4, [pid 2492] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2483] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... close resumed>) = 0 [pid 2488] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2488] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2483] <... mprotect resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2488] <... mprotect resumed>) = 0 [pid 2483] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2483] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] close(4 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2501 [pid 2488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2500] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2483] <... clone3 resumed> => {parent_tid=[2502]}, 88) = 2502 [pid 2488] <... clone3 resumed> => {parent_tid=[2503]}, 88) = 2503 [pid 2483] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... close resumed>) = 0 [pid 2488] rt_sigprocmask(SIG_SETMASK, [], [pid 2483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] rmdir("./72/file2" [pid 2488] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2483] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2488] <... futex resumed>) = 0 [pid 2500] <... mprotect resumed>) = 0 [pid 2488] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2483] <... futex resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2483] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2504]}, 88) = 2504 [pid 2500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2500] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2501 attached [pid 2501] set_robust_list(0x555594a056a0, 24) = 0 [pid 2501] chdir("./71") = 0 [pid 2501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2501] setpgid(0, 0) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./72/binderfs", [pid 2501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2501] write(3, "1000", 4) = 4 [pid 2501] close(3) = 0 [pid 2501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./72/binderfs" [pid 2501] write(1, "executing program\n", 18 [pid 290] <... unlink resumed>) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3 [pid 2501] <... write resumed>) = 18 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./72"executing program [pid 2501] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2501] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 290] mkdir("./73", 0777 [pid 2501] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2501] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2501] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2501] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... openat resumed>) = 3 [pid 2501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 2501] <... clone3 resumed> => {parent_tid=[2505]}, 88) = 2505 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2501] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2501] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2502 attached [pid 2502] set_robust_list(0x7f0aeccae9a0, 24 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2506 [pid 2502] <... set_robust_list resumed>) = 0 [pid 2502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2502] write(4, "#! \n", 4) = 4 [pid 2502] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2483] <... futex resumed>) = 0 [pid 2483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2485] <... futex resumed>) = 0 [pid 2483] <... futex resumed>) = 1 [pid 2485] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2502] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2485] <... mmap resumed>) = 0x200000000000 [pid 2483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2485] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2485] <... futex resumed>) = 0 [pid 2483] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2506 attached [pid 2506] set_robust_list(0x555594a056a0, 24) = 0 [pid 2506] chdir("./73") = 0 [pid 2506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2506] setpgid(0, 0) = 0 [pid 2506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2506] write(3, "1000", 4) = 4 [pid 2506] close(3) = 0 [pid 2506] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2506] write(1, "executing program\n", 18) = 18 [pid 2506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2506] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2506] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2507]}, 88) = 2507 [pid 2506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2507 attached [pid 2507] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2507] memfd_create("syzkaller", 0) = 3 [pid 2507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2507] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2507] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2503 attached [pid 2503] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2503] write(4, "#! \n", 4) = 4 [pid 2503] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2503] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2504 attached [pid 2504] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2504] memfd_create("syzkaller", 0) = 3 [pid 2504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2488] <... futex resumed>) = 0 [pid 2504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2488] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2483] <... futex resumed>) = 0 [pid 2492] <... futex resumed>) = 0 [pid 2488] <... futex resumed>) = 1 [pid 2483] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2488] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2492] <... mmap resumed>) = 0x200000000000 [pid 2492] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2488] <... futex resumed>) = 0 [pid 2488] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... write resumed>) = 524288 [pid 2504] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2507] <... ioctl resumed>) = 0 [pid 2507] close(3) = 0 [pid 2507] close(4) = 0 [pid 2507] mkdir("./file2", 0777) = 0 [pid 2507] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2504] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2504] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2505 attached [pid 2505] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2505] memfd_create("syzkaller", 0) = 3 [pid 2505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2505] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2505] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2502] <... futex resumed>) = ? [pid 2488] <... futex resumed>) = 0 [pid 2488] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2505] <... openat resumed>) = 4 [pid 2504] <... ioctl resumed>) = 0 [pid 2505] ioctl(4, LOOP_SET_FD, 3 [pid 2504] close(3) = 0 [pid 2504] close(4 [pid 2483] <... futex resumed>) = ? [pid 2502] +++ killed by SIGBUS +++ [pid 2485] +++ killed by SIGBUS +++ [pid 2483] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2505] <... ioctl resumed>) = 0 [pid 2492] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2505] close(3) = 0 [pid 2503] <... futex resumed>) = ? [pid 2488] <... futex resumed>) = ? [pid 2505] close(4 [pid 2492] +++ killed by SIGBUS +++ [pid 2507] <... mount resumed>) = 0 [pid 2507] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2507] chdir("./file2" [pid 2503] +++ killed by SIGBUS +++ [pid 2488] +++ killed by SIGBUS +++ [pid 2507] <... chdir resumed>) = 0 [pid 2507] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2488, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(3, "", [pid 287] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... openat resumed>) = 3 [pid 291] getdents64(3, [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] getdents64(3, [pid 291] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2504] <... close resumed>) = 0 [pid 2504] mkdir("./file2", 0777) = 0 [ 56.770402][ T2485] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 56.787584][ T2492] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2504] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2507] <... openat resumed>) = 4 [pid 2505] <... close resumed>) = 0 [pid 2507] ioctl(4, LOOP_CLR_FD [pid 2505] mkdir("./file2", 0777) = 0 [pid 2505] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 2507] <... ioctl resumed>) = 0 [pid 291] rmdir("./72/file2") = 0 [pid 291] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 291] unlink("./72/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 2507] close(4 [pid 291] rmdir("./72" [pid 2507] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./73", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = 0 [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2513 ./strace-static-x86_64: Process 2513 attached [pid 2507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2506] <... futex resumed>) = 0 [pid 2507] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2513] set_robust_list(0x555594a056a0, 24 [pid 2506] <... futex resumed>) = 0 [pid 2507] <... openat resumed>) = 4 [pid 2507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2513] <... set_robust_list resumed>) = 0 [pid 2513] chdir("./73") = 0 [pid 2513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2513] setpgid(0, 0) = 0 [pid 2513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2513] write(3, "1000", 4 [pid 2507] <... futex resumed>) = 0 [pid 2506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2513] <... write resumed>) = 4 [pid 2513] close(3) = 0 [pid 2513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2513] write(1, "executing program\n", 18executing program ) = 18 [pid 2507] write(4, "#! \n", 4 [pid 2506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2506] <... futex resumed>) = 0 [pid 2507] <... write resumed>) = 4 [pid 2506] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./75/file2", [pid 2507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2507] <... futex resumed>) = 0 [pid 2507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2513] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... mount resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2506] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2504] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2506] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2504] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 4 [pid 2506] <... mprotect resumed>) = 0 [pid 2504] chdir("./file2" [pid 287] newfstatat(4, "", [pid 2506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2504] <... chdir resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2504] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] getdents64(4, [pid 2506] <... clone3 resumed> => {parent_tid=[2517]}, 88) = 2517 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2506] rt_sigprocmask(SIG_SETMASK, [], [pid 287] getdents64(4, [pid 2506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2506] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] close(4 [pid 2506] <... futex resumed>) = 0 [pid 2513] <... futex resumed>) = 0 [pid 2506] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 2513] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 287] rmdir("./75/file2" [pid 2513] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... rmdir resumed>) = 0 [pid 2513] <... mmap resumed>) = 0x7f0aeccaf000 [pid 287] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2513] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2513] <... mprotect resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./75/binderfs", [pid 2513] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2513] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] unlink("./75/binderfs" [pid 2513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 2518 attached [pid 287] getdents64(3, [pid 2518] set_robust_list(0x7f0aecccf9a0, 24 [pid 2513] <... clone3 resumed> => {parent_tid=[2518]}, 88) = 2518 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2513] rt_sigprocmask(SIG_SETMASK, [], [pid 287] close(3 [pid 2513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... close resumed>) = 0 [pid 2513] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] rmdir("./75" [pid 2513] <... futex resumed>) = 0 [pid 2513] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2517 attached [pid 2517] set_robust_list(0x7f0aeccae9a0, 24 [pid 287] <... rmdir resumed>) = 0 [pid 2517] <... set_robust_list resumed>) = 0 [pid 287] mkdir("./76", 0777 [pid 2517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2517] write(4, "#! \n", 4) = 4 [pid 287] <... mkdir resumed>) = 0 [pid 2517] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2506] <... futex resumed>) = 0 [pid 2506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = 0 [pid 2506] <... futex resumed>) = 1 [pid 2507] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2518] <... set_robust_list resumed>) = 0 [pid 2507] <... mmap resumed>) = 0x200000000000 [pid 2507] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2506] <... futex resumed>) = 0 [pid 2507] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2506] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2506] <... futex resumed>) = 0 [pid 2518] rt_sigprocmask(SIG_SETMASK, [], [pid 2517] <... futex resumed>) = 1 [pid 2518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2518] memfd_create("syzkaller", 0) = 3 [pid 2518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2517] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2518] <... write resumed>) = 524288 [pid 2518] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2518] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2505] <... mount resumed>) = 0 [pid 2505] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2505] chdir("./file2") = 0 [pid 2505] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2506] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2517] <... futex resumed>) = ? [pid 2506] <... futex resumed>) = ? [pid 2517] +++ killed by SIGBUS +++ [pid 2507] +++ killed by SIGBUS +++ [pid 2506] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2506, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2518] <... openat resumed>) = 4 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2505] <... openat resumed>) = 4 [pid 2504] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2518] ioctl(4, LOOP_SET_FD, 3 [pid 2505] ioctl(4, LOOP_CLR_FD [pid 2504] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2505] <... ioctl resumed>) = 0 [pid 2504] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2505] close(4 [pid 2504] close(4 [pid 287] close(3 [pid 2505] <... close resumed>) = 0 [pid 2504] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2505] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] <... ioctl resumed>) = 0 [pid 2518] close(3) = 0 [pid 2518] close(4) = 0 [pid 2518] mkdir("./file2", 0777) = 0 [pid 2518] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2505] <... futex resumed>) = 1 [pid 2504] <... futex resumed>) = 1 [pid 2501] <... futex resumed>) = 0 [pid 2500] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2505] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2504] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] <... futex resumed>) = 0 [pid 2500] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2521 attached [pid 2505] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2504] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2501] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2500] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2521 [pid 2521] set_robust_list(0x555594a056a0, 24) = 0 [pid 2521] chdir("./76" [pid 2504] <... openat resumed>) = 4 [pid 2521] <... chdir resumed>) = 0 [pid 2505] <... openat resumed>) = 4 [pid 2505] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... futex resumed>) = 1 [pid 2504] <... futex resumed>) = 1 [pid 2501] <... futex resumed>) = 0 [pid 2500] <... futex resumed>) = 0 [pid 2505] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2504] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] <... futex resumed>) = 0 [pid 2500] <... futex resumed>) = 0 [pid 2505] write(4, "#! \n", 4 [pid 2504] write(4, "#! \n", 4 [pid 2501] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2505] <... write resumed>) = 4 [pid 2521] <... prctl resumed>) = 0 [pid 2504] <... write resumed>) = 4 [pid 2505] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2501] <... futex resumed>) = 0 [pid 2500] <... futex resumed>) = 0 [pid 2505] <... futex resumed>) = 0 [pid 2504] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] setpgid(0, 0 [pid 2501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2504] <... futex resumed>) = 0 [pid 2500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2505] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2504] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2500] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2501] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2500] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2501] <... mprotect resumed>) = 0 [pid 2500] <... mprotect resumed>) = 0 [pid 2521] <... setpgid resumed>) = 0 [pid 2501] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2501] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2500] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2500] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2521] <... openat resumed>) = 3 [pid 2500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2501] <... clone3 resumed> => {parent_tid=[2522]}, 88) = 2522 [pid 2521] write(3, "1000", 4) = 4 [pid 2521] close(3 [pid 2501] rt_sigprocmask(SIG_SETMASK, [], [pid 2521] <... close resumed>) = 0 [pid 2501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2500] <... clone3 resumed> => {parent_tid=[2523]}, 88) = 2523 [pid 2501] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] rt_sigprocmask(SIG_SETMASK, [], [pid 2501] <... futex resumed>) = 0 [pid 2500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2501] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2500] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] symlink("/dev/binderfs", "./binderfs" [pid 2500] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2523 attached ./strace-static-x86_64: Process 2522 attached [pid 2521] <... symlink resumed>) = 0 [pid 2500] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2523] set_robust_list(0x7f0aeccae9a0, 24 [pid 2522] set_robust_list(0x7f0aeccae9a0, 24executing program [pid 2521] write(1, "executing program\n", 18 [pid 2518] <... mount resumed>) = 0 [pid 2521] <... write resumed>) = 18 [pid 2518] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2521] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] <... openat resumed>) = 3 [pid 2521] <... futex resumed>) = 0 [pid 2518] chdir("./file2" [pid 2521] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2518] <... chdir resumed>) = 0 [pid 2521] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2518] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2521] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2521] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2521] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2526]}, 88) = 2526 ./strace-static-x86_64: Process 2526 attached [pid 2523] <... set_robust_list resumed>) = 0 [pid 2522] <... set_robust_list resumed>) = 0 [pid 2521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2521] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2526] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2526] memfd_create("syzkaller", 0) = 3 [pid 2526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2523] rt_sigprocmask(SIG_SETMASK, [], [pid 2522] rt_sigprocmask(SIG_SETMASK, [], [pid 2523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2523] write(4, "#! \n", 4 [pid 2522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2523] <... write resumed>) = 4 [pid 2522] write(4, "#! \n", 4 [pid 2526] <... write resumed>) = 524288 [pid 2523] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2526] munmap(0x7f0ae48af000, 138412032 [pid 2523] <... futex resumed>) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2526] <... munmap resumed>) = 0 [pid 2523] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2500] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2522] <... write resumed>) = 4 [pid 2526] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2500] <... futex resumed>) = 1 [pid 2504] <... futex resumed>) = 0 [pid 2500] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2504] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2522] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2522] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2504] <... mmap resumed>) = 0x200000000000 [pid 2504] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2504] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2500] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 56.932659][ T2507] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2500] <... futex resumed>) = 0 [pid 2501] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2501] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2505] <... futex resumed>) = 0 [pid 2501] <... futex resumed>) = 1 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2505] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2501] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(AT_FDCWD, "./73/file2", [pid 2505] <... mmap resumed>) = 0x200000000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2505] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2505] <... futex resumed>) = 1 [pid 2501] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2505] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2501] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 2504] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2500] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2523] <... futex resumed>) = ? [pid 2500] <... futex resumed>) = ? [pid 2523] +++ killed by SIGBUS +++ [pid 2504] +++ killed by SIGBUS +++ [pid 2500] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2500, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2526] <... openat resumed>) = 4 [pid 2518] <... openat resumed>) = 4 [pid 2505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2501] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(4, "", [pid 288] <... restart_syscall resumed>) = 0 [pid 2526] ioctl(4, LOOP_SET_FD, 3 [pid 2522] <... futex resumed>) = ? [pid 2518] ioctl(4, LOOP_CLR_FD [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2522] +++ killed by SIGBUS +++ [pid 290] getdents64(4, [pid 2505] +++ killed by SIGBUS +++ [pid 2501] +++ killed by SIGBUS +++ [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2526] <... ioctl resumed>) = 0 [pid 290] getdents64(4, [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2526] close(3 [pid 2518] <... ioctl resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2526] <... close resumed>) = 0 [pid 2518] close(4 [pid 290] close(4 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2526] close(4 [pid 2518] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2526] <... close resumed>) = 0 [pid 2518] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] newfstatat(3, "", [pid 2526] mkdir("./file2", 0777 [pid 2518] <... futex resumed>) = 1 [pid 2513] <... futex resumed>) = 0 [pid 290] rmdir("./73/file2" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2526] <... mkdir resumed>) = 0 [pid 2518] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 288] getdents64(3, [pid 2526] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2513] <... futex resumed>) = 0 [pid 290] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2518] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2513] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2518] <... openat resumed>) = 4 [pid 290] newfstatat(AT_FDCWD, "./73/binderfs", [pid 289] <... restart_syscall resumed>) = 0 [pid 2518] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2518] <... futex resumed>) = 1 [pid 2513] <... futex resumed>) = 0 [pid 290] unlink("./73/binderfs" [pid 2518] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... unlink resumed>) = 0 [pid 289] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2513] <... futex resumed>) = 0 [pid 290] getdents64(3, [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2518] write(4, "#! \n", 4 [pid 2513] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2526] <... mount resumed>) = 0 [pid 2518] <... write resumed>) = 4 [pid 2513] <... futex resumed>) = 0 [pid 290] close(3 [pid 289] <... openat resumed>) = 3 [pid 2526] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2518] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... close resumed>) = 0 [pid 2526] <... openat resumed>) = 3 [pid 2518] <... futex resumed>) = 0 [pid 2513] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] rmdir("./73" [pid 289] newfstatat(3, "", [pid 2526] chdir("./file2" [pid 2518] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... rmdir resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2513] <... mprotect resumed>) = 0 [pid 2526] <... chdir resumed>) = 0 [pid 290] mkdir("./74", 0777 [pid 289] getdents64(3, [pid 2526] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2513] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... mkdir resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2513] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2530 attached => {parent_tid=[2530]}, 88) = 2530 [pid 2513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2513] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2513] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2530] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2530] write(4, "#! \n", 4) = 4 [pid 2530] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2513] <... futex resumed>) = 0 [pid 2530] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] <... futex resumed>) = 0 [pid 2513] <... futex resumed>) = 1 [pid 2518] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2513] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2518] <... mmap resumed>) = 0x200000000000 [pid 2518] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2513] <... futex resumed>) = 0 [pid 2518] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2513] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 56.985837][ T2504] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 56.993869][ T2505] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2513] <... futex resumed>) = 0 [pid 2518] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2530] <... futex resumed>) = ? [pid 2530] +++ killed by SIGBUS +++ [pid 2518] +++ killed by SIGBUS +++ [pid 2513] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2513, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2526] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./71/file2") = 0 [pid 288] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./71/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./71" [pid 2526] ioctl(4, LOOP_CLR_FD [pid 290] <... openat resumed>) = 3 [pid 288] <... rmdir resumed>) = 0 [pid 288] mkdir("./72", 0777 [pid 2526] <... ioctl resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 57.044973][ T2518] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2526] close(4 [pid 288] <... openat resumed>) = 3 [pid 2526] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... umount2 resumed>) = 0 [pid 2526] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] close(3 [pid 289] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2526] <... futex resumed>) = 1 [pid 2521] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2526] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./73/file2", [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] newfstatat(AT_FDCWD, "./71/file2", [pid 2526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2521] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2526] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2521] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2531 [pid 289] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2526] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 289] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 289] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 289] close(4 [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 291] rmdir("./73/file2" [pid 289] rmdir("./71/file2" [pid 2526] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2526] <... futex resumed>) = 1 [pid 2521] <... futex resumed>) = 0 [pid 291] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2526] write(4, "#! \n", 4 [pid 2521] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2521] <... futex resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./73/binderfs", [pid 289] newfstatat(AT_FDCWD, "./71/binderfs", [pid 2526] <... write resumed>) = 4 [pid 2521] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2526] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] <... futex resumed>) = 0 [pid 291] unlink("./73/binderfs" [pid 289] unlink("./71/binderfs" [pid 2526] <... futex resumed>) = 0 [pid 2521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... unlink resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 2526] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] getdents64(3, [pid 289] getdents64(3, [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2521] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2521] <... mprotect resumed>) = 0 [pid 291] close(3 [pid 289] close(3 [pid 288] close(3 [pid 2521] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2521] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] rmdir("./73" [pid 289] rmdir("./71" [pid 288] <... close resumed>) = 0 [pid 2521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 291] mkdir("./74", 0777 [pid 289] mkdir("./72", 0777 [pid 291] <... mkdir resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2521] <... clone3 resumed> => {parent_tid=[2532]}, 88) = 2532 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2521] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] close(3 [pid 289] close(3 [pid 2521] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2521] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2521] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2534 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2535 executing program [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2533 ./strace-static-x86_64: Process 2531 attached [pid 2531] set_robust_list(0x555594a056a0, 24) = 0 [pid 2531] chdir("./74") = 0 [pid 2531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2531] setpgid(0, 0) = 0 [pid 2531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2531] write(3, "1000", 4) = 4 [pid 2531] close(3) = 0 [pid 2531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2531] write(1, "executing program\n", 18) = 18 [pid 2531] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2531] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2531] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 executing program [pid 2531] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 2535 attached [], 8) = 0 [pid 2535] set_robust_list(0x555594a056a0, 24 [pid 2531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2535] <... set_robust_list resumed>) = 0 [pid 2535] chdir("./72") = 0 [pid 2535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2531] <... clone3 resumed> => {parent_tid=[2536]}, 88) = 2536 [pid 2535] <... prctl resumed>) = 0 [pid 2531] rt_sigprocmask(SIG_SETMASK, [], [pid 2535] setpgid(0, 0 [pid 2531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2531] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] <... setpgid resumed>) = 0 [pid 2531] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2535] write(3, "1000", 4) = 4 [pid 2535] close(3) = 0 [pid 2535] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 2534 attached [pid 2534] set_robust_list(0x555594a056a0, 24) = 0 [pid 2534] chdir("./74") = 0 [pid 2535] write(1, "executing program\n", 18) = 18 [pid 2534] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2535] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2534] <... prctl resumed>) = 0 [pid 2534] setpgid(0, 0 [pid 2535] <... futex resumed>) = 0 [pid 2535] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2534] <... setpgid resumed>) = 0 [pid 2535] <... rt_sigaction resumed>NULL, 8) = 0 executing program [pid 2534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2535] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2534] <... openat resumed>) = 3 [pid 2535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2534] write(3, "1000", 4 [pid 2535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2534] <... write resumed>) = 4 [pid 2534] close(3) = 0 [pid 2534] symlink("/dev/binderfs", "./binderfs" [pid 2535] <... clone3 resumed> => {parent_tid=[2537]}, 88) = 2537 [pid 2534] <... symlink resumed>) = 0 [pid 2535] rt_sigprocmask(SIG_SETMASK, [], [pid 2534] write(1, "executing program\n", 18 [pid 2535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2534] <... write resumed>) = 18 [pid 2535] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2535] <... futex resumed>) = 0 [pid 2534] <... futex resumed>) = 0 [pid 2535] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2534] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2534] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2538]}, 88) = 2538 [pid 2534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2536 attached [pid 2536] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2536] memfd_create("syzkaller", 0) = 3 [pid 2536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2537 attached [pid 2537] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2537] memfd_create("syzkaller", 0) = 3 [pid 2537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 2533 attached [pid 2533] set_robust_list(0x555594a056a0, 24) = 0 [pid 2533] chdir("./72" [pid 2536] <... write resumed>) = 524288 [pid 2533] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 2532 attached ./strace-static-x86_64: Process 2538 attached [pid 2533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2538] set_robust_list(0x7f0aecccf9a0, 24 [pid 2532] set_robust_list(0x7f0aeccae9a0, 24 [pid 2533] setpgid(0, 0 [pid 2532] <... set_robust_list resumed>) = 0 [pid 2538] <... set_robust_list resumed>) = 0 [pid 2533] <... setpgid resumed>) = 0 [pid 2532] rt_sigprocmask(SIG_SETMASK, [], [pid 2538] rt_sigprocmask(SIG_SETMASK, [], [pid 2537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2533] <... openat resumed>) = 3 [pid 2532] write(4, "#! \n", 4 [pid 2538] memfd_create("syzkaller", 0 [pid 2536] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2536] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2536] ioctl(4, LOOP_SET_FD, 3 [pid 2533] write(3, "1000", 4 [pid 2532] <... write resumed>) = 4 [pid 2533] <... write resumed>) = 4 [pid 2532] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] close(3 [pid 2532] <... futex resumed>) = 1 [pid 2521] <... futex resumed>) = 0 [pid 2521] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] <... close resumed>) = 0 [pid 2532] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] <... futex resumed>) = 1 [pid 2526] <... futex resumed>) = 0 executing program [pid 2521] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2533] symlink("/dev/binderfs", "./binderfs" [pid 2526] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2537] <... write resumed>) = 524288 [pid 2526] <... mmap resumed>) = 0x200000000000 [pid 2537] munmap(0x7f0ae48af000, 138412032 [pid 2526] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2521] <... futex resumed>) = 0 [pid 2526] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2521] <... futex resumed>) = 0 [pid 2537] <... munmap resumed>) = 0 [pid 2537] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2536] <... ioctl resumed>) = 0 [pid 2536] close(3) = 0 [pid 2536] close(4 [pid 2538] <... memfd_create resumed>) = 3 [pid 2538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2538] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2533] <... symlink resumed>) = 0 [pid 2533] write(1, "executing program\n", 18) = 18 [pid 2533] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2533] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2541]}, 88) = 2541 [pid 2533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2533] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2541 attached [pid 2541] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2541] memfd_create("syzkaller", 0) = 3 [pid 2541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2541] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2541] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2521] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2521] <... futex resumed>) = ? [pid 2532] <... futex resumed>) = ? [pid 2532] +++ killed by SIGBUS +++ [pid 2526] +++ killed by SIGBUS +++ [pid 2521] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2521, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2537] <... openat resumed>) = 4 [pid 2536] <... close resumed>) = 0 [pid 2536] mkdir("./file2", 0777 [pid 2537] ioctl(4, LOOP_SET_FD, 3 [pid 2536] <... mkdir resumed>) = 0 [ 57.165775][ T2526] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2536] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2538] <... openat resumed>) = 4 [pid 2538] ioctl(4, LOOP_SET_FD, 3 [pid 2537] <... ioctl resumed>) = 0 [pid 2537] close(3) = 0 [pid 2537] close(4) = 0 [pid 2537] mkdir("./file2", 0777) = 0 [pid 2537] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2538] <... ioctl resumed>) = 0 [pid 2538] close(3) = 0 [pid 2541] <... openat resumed>) = 4 [pid 2538] close(4 [pid 2541] ioctl(4, LOOP_SET_FD, 3 [pid 2538] <... close resumed>) = 0 [pid 2538] mkdir("./file2", 0777) = 0 [pid 2538] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2541] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./76/file2") = 0 [pid 287] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2541] close(3 [pid 287] unlink("./76/binderfs") = 0 [pid 287] getdents64(3, [pid 2541] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./76" [pid 2541] close(4) = 0 [pid 2541] mkdir("./file2", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./77", 0777 [pid 2541] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2547 ./strace-static-x86_64: Process 2547 attached [pid 2541] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2537] <... mount resumed>) = 0 [pid 2537] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2537] chdir("./file2") = 0 [pid 2537] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2537] ioctl(4, LOOP_CLR_FD) = 0 [pid 2537] close(4) = 0 [pid 2537] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2537] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2547] set_robust_list(0x555594a056a0, 24) = 0 [pid 2547] chdir("./77") = 0 [pid 2547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2535] <... futex resumed>) = 0 [pid 2547] setpgid(0, 0 [pid 2535] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2547] <... setpgid resumed>) = 0 [pid 2547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2547] write(3, "1000", 4) = 4 [pid 2547] close(3) = 0 [pid 2547] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2547] write(1, "executing program\n", 18) = 18 [pid 2547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2547] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2535] <... futex resumed>) = 1 [pid 2547] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2535] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2537] <... futex resumed>) = 0 [pid 2537] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2537] <... openat resumed>) = 4 [pid 2537] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2537] write(4, "#! \n", 4 [pid 2535] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2547] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2537] <... write resumed>) = 4 [pid 2535] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2537] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2535] <... futex resumed>) = 0 [pid 2537] <... futex resumed>) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2547] <... mprotect resumed>) = 0 [pid 2547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2551]}, 88) = 2551 [pid 2547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2547] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2547] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2551 attached [pid 2551] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2551] rt_sigprocmask(SIG_SETMASK, [], [pid 2537] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2535] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2552]}, 88) = 2552 [pid 2535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2535] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2536] <... mount resumed>) = 0 [pid 2535] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2536] chdir("./file2") = 0 [pid 2536] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 2552 attached ) = 4 [pid 2552] set_robust_list(0x7f0aeccae9a0, 24 [pid 2536] ioctl(4, LOOP_CLR_FD) = 0 [pid 2552] <... set_robust_list resumed>) = 0 [pid 2536] close(4 [pid 2552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2552] write(4, "#! \n", 4 [pid 2536] <... close resumed>) = 0 [pid 2536] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2536] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2531] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2531] <... futex resumed>) = 0 [pid 2536] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2531] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2552] <... write resumed>) = 4 [pid 2552] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2552] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] <... futex resumed>) = 0 [pid 2536] <... openat resumed>) = 4 [pid 2535] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2551] memfd_create("syzkaller", 0 [pid 2537] <... futex resumed>) = 0 [pid 2536] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2535] <... futex resumed>) = 1 [pid 2537] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2535] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... memfd_create resumed>) = 3 [pid 2551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2536] <... futex resumed>) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2537] <... mmap resumed>) = 0x200000000000 [pid 2536] write(4, "#! \n", 4 [pid 2531] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2537] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] <... futex resumed>) = 0 [pid 2531] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2536] <... write resumed>) = 4 [pid 2531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2537] <... futex resumed>) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2531] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2535] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2535] <... futex resumed>) = 0 [pid 2531] <... mprotect resumed>) = 0 [pid 2535] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2536] <... futex resumed>) = 0 [pid 2531] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2536] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2551] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2551] ioctl(4, LOOP_SET_FD, 3 [pid 2531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2556]}, 88) = 2556 [pid 2531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2531] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2531] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... ioctl resumed>) = 0 [pid 2551] close(3) = 0 [pid 2551] close(4./strace-static-x86_64: Process 2556 attached [pid 2556] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2556] write(4, "#! \n", 4) = 4 [pid 2556] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2531] <... futex resumed>) = 0 [pid 2531] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2536] <... futex resumed>) = 0 [pid 2531] <... futex resumed>) = 1 [pid 2538] <... mount resumed>) = 0 [pid 2538] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2536] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2531] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2538] <... openat resumed>) = 3 [pid 2556] <... futex resumed>) = 1 [pid 2538] chdir("./file2" [pid 2537] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2536] <... mmap resumed>) = 0x200000000000 [pid 2538] <... chdir resumed>) = 0 [pid 2536] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2556] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2541] <... mount resumed>) = 0 [pid 2538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2536] <... futex resumed>) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2552] <... futex resumed>) = ? [pid 2535] <... futex resumed>) = ? [pid 2552] +++ killed by SIGBUS +++ [pid 2541] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2531] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] <... openat resumed>) = 3 [pid 2541] chdir("./file2") = 0 [pid 2541] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2537] +++ killed by SIGBUS +++ [pid 2535] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2531] <... futex resumed>) = 0 [pid 2531] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2536] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2531] <... futex resumed>) = ? [pid 2556] <... futex resumed>) = ? [pid 2556] +++ killed by SIGBUS +++ [pid 2536] +++ killed by SIGBUS +++ [pid 2531] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2531, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2551] <... close resumed>) = 0 [pid 2551] mkdir("./file2", 0777) = 0 [pid 2551] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2541] <... openat resumed>) = 4 [pid 2538] <... openat resumed>) = 4 [pid 2541] ioctl(4, LOOP_CLR_FD [ 57.313549][ T2537] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 57.331343][ T2536] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2538] ioctl(4, LOOP_CLR_FD [pid 2551] <... mount resumed>) = 0 [pid 2551] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2551] chdir("./file2") = 0 [pid 2551] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2541] <... ioctl resumed>) = 0 [pid 2541] close(4) = 0 [pid 2538] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 2541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2533] <... futex resumed>) = 0 [pid 2541] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2533] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2533] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... openat resumed>) = 4 [pid 2551] ioctl(4, LOOP_CLR_FD) = 0 [pid 2551] close(4) = 0 [pid 2551] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2551] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2547] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2538] close(4 [pid 2547] <... futex resumed>) = 1 [pid 290] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2538] <... close resumed>) = 0 [pid 2547] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] <... openat resumed>) = 4 [pid 2538] <... futex resumed>) = 1 [pid 2534] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./74/file2", [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2538] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2534] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2533] <... futex resumed>) = 0 [pid 290] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2538] <... openat resumed>) = 4 [pid 2533] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2541] write(4, "#! \n", 4 [pid 2533] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2538] <... futex resumed>) = 1 [pid 2534] <... futex resumed>) = 0 [pid 2541] <... write resumed>) = 4 [pid 2533] <... futex resumed>) = 0 [pid 2538] write(4, "#! \n", 4 [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... openat resumed>) = 4 [pid 2541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2538] <... write resumed>) = 4 [pid 2541] <... futex resumed>) = 0 [pid 2534] <... futex resumed>) = 0 [pid 2533] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] newfstatat(4, "", [pid 289] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2551] <... futex resumed>) = 0 [pid 2538] <... futex resumed>) = 0 [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2538] write(4, "#! \n", 4 [pid 2534] <... futex resumed>) = 0 [pid 2533] <... mprotect resumed>) = 0 [pid 290] getdents64(4, [pid 289] newfstatat(AT_FDCWD, "./72/file2", [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2538] <... write resumed>) = 4 [pid 2533] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] getdents64(4, [pid 289] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2538] <... futex resumed>) = 1 [pid 2534] <... futex resumed>) = 0 [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2551] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2538] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2534] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] close(4 [pid 2533] <... clone3 resumed> => {parent_tid=[2560]}, 88) = 2560 [pid 2538] <... mmap resumed>) = 0x200000000000 [pid 290] <... close resumed>) = 0 [pid 2538] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] rt_sigprocmask(SIG_SETMASK, [], [pid 290] rmdir("./74/file2" [pid 289] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2551] <... openat resumed>) = 4 [pid 2533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2533] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2538] <... futex resumed>) = 1 [pid 2534] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 2534] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] <... futex resumed>) = 0 [pid 290] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2560 attached [pid 2560] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2560] write(4, "#! \n", 4) = 4 [pid 2560] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2560] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2534] <... futex resumed>) = 0 [pid 2534] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2533] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2551] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 290] newfstatat(AT_FDCWD, "./74/binderfs", [pid 289] newfstatat(4, "", [pid 2551] <... futex resumed>) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2533] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2551] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2547] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] <... futex resumed>) = 0 [pid 2533] <... futex resumed>) = 1 [pid 290] unlink("./74/binderfs" [pid 2551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2547] <... futex resumed>) = 0 [pid 2541] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2533] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] getdents64(4, [pid 290] <... unlink resumed>) = 0 [pid 2551] write(4, "#! \n", 4 [pid 2547] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2551] <... write resumed>) = 4 [pid 2547] <... futex resumed>) = 0 [pid 2541] <... mmap resumed>) = 0x200000000000 [pid 2534] <... futex resumed>) = ? [pid 290] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2551] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 2551] <... futex resumed>) = 0 [pid 2547] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2541] <... futex resumed>) = 1 [pid 2533] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2551] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2547] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2541] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2533] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 289] close(4 [pid 2547] <... mprotect resumed>) = 0 [pid 2541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2533] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2533] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2538] +++ killed by SIGBUS +++ [pid 2534] +++ killed by SIGBUS +++ [pid 290] rmdir("./74") = 0 [pid 290] mkdir("./75", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] rmdir("./72/file2") = 0 [pid 289] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./72/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./72") = 0 [pid 289] mkdir("./73", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2561]}, 88) = 2561 [pid 2547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2547] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2547] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2534, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 2561 attached [pid 2561] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2561] write(4, "#! \n", 4) = 4 [pid 2561] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2547] <... futex resumed>) = 0 [pid 2547] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] <... futex resumed>) = 1 [pid 2561] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2551] <... futex resumed>) = 0 [pid 2551] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2551] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2547] <... futex resumed>) = 0 [pid 2547] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2560] <... futex resumed>) = ? [pid 2533] <... futex resumed>) = ? [pid 2560] +++ killed by SIGBUS +++ [pid 2541] +++ killed by SIGBUS +++ [pid 2533] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2533, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2547] <... futex resumed>) = 0 [pid 2547] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2561] <... futex resumed>) = ? [pid 2547] <... futex resumed>) = ? [pid 2561] +++ killed by SIGBUS +++ [pid 2551] +++ killed by SIGBUS +++ [pid 2547] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2547, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2562 ./strace-static-x86_64: Process 2562 attached [pid 2562] set_robust_list(0x555594a056a0, 24) = 0 [pid 2562] chdir("./75") = 0 [pid 2562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2562] setpgid(0, 0) = 0 [pid 2562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2562] write(3, "1000", 4) = 4 [pid 2562] close(3) = 0 [pid 2562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2562] write(1, "executing program\n", 18executing program ) = 18 [pid 2562] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2562] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2562] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2563 attached => {parent_tid=[2563]}, 88) = 2563 [pid 2563] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2563] rt_sigprocmask(SIG_SETMASK, [], [pid 2562] rt_sigprocmask(SIG_SETMASK, [], [pid 2563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2563] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2562] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2563] <... futex resumed>) = 0 [pid 2563] memfd_create("syzkaller", 0 [pid 2562] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2563] <... memfd_create resumed>) = 3 [pid 2563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [ 57.444542][ T2538] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 57.461779][ T2541] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 57.467966][ T2551] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2563] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2563] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 291] <... umount2 resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... umount2 resumed>) = 0 [pid 291] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] close(3 [pid 287] <... umount2 resumed>) = 0 [pid 291] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 289] <... close resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./74/file2") = 0 [pid 291] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] unlink("./74/binderfs") = 0 [pid 291] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2564 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./77/file2", [pid 291] close(3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 2564 attached [pid 2563] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./72/file2", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2563] ioctl(4, LOOP_SET_FD, 3 [pid 291] rmdir("./74" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... rmdir resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 291] mkdir("./75", 0777 [pid 288] <... openat resumed>) = 4 [pid 287] newfstatat(4, "", [pid 2564] set_robust_list(0x555594a056a0, 24 [pid 288] newfstatat(4, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2564] <... set_robust_list resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 2564] chdir("./73" [pid 291] <... mkdir resumed>) = 0 [pid 288] getdents64(4, [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2564] <... chdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 2564] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] getdents64(4, [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2564] <... prctl resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 2564] setpgid(0, 0 [pid 288] close(4 [pid 287] <... close resumed>) = 0 [pid 2564] <... setpgid resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] rmdir("./77/file2" [pid 2564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] rmdir("./72/file2" [pid 287] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 287] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2564] <... openat resumed>) = 3 [pid 2564] write(3, "1000", 4 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2563] <... ioctl resumed>) = 0 [pid 291] close(3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./77/binderfs", [pid 2564] <... write resumed>) = 4 [pid 2563] close(3 [pid 291] <... close resumed>) = 0 [pid 2564] close(3) = 0 [pid 2564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2564] write(1, "executing program\n", 18executing program ) = 18 [pid 2564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2564] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] newfstatat(AT_FDCWD, "./72/binderfs", [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2564] <... mprotect resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./77/binderfs"./strace-static-x86_64: Process 2566 attached [pid 2564] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2563] <... close resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2566 [pid 288] unlink("./72/binderfs" [pid 287] <... unlink resumed>) = 0 [pid 2564] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2567]}, 88) = 2567 [pid 2564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2566] set_robust_list(0x555594a056a0, 24 [pid 288] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 2563] close(4 [pid 2566] <... set_robust_list resumed>) = 0 [pid 288] getdents64(3, [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2566] chdir("./75" [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 2567 attached [pid 288] close(3 [pid 287] close(3 [pid 2566] <... chdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 288] rmdir("./72" [pid 287] rmdir("./77" [pid 2566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2566] setpgid(0, 0) = 0 [pid 2566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] <... rmdir resumed>) = 0 [pid 2566] <... openat resumed>) = 3 [pid 288] mkdir("./73", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 2566] write(3, "1000", 4) = 4 [pid 2566] close(3) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] mkdir("./78", 0777 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 287] <... mkdir resumed>) = 0 executing program [pid 2566] write(1, "executing program\n", 18 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2566] <... write resumed>) = 18 [pid 2567] set_robust_list(0x7f0aecccf9a0, 24 [pid 2566] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2566] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2566] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2567] <... set_robust_list resumed>) = 0 [pid 2566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2567] memfd_create("syzkaller", 0) = 3 [pid 2566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2568]}, 88) = 2568 [pid 2566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2566] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2568 attached [pid 2568] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2568] memfd_create("syzkaller", 0) = 3 [pid 2568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2566] <... futex resumed>) = 0 [pid 2566] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2567] <... write resumed>) = 524288 [pid 2567] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2567] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2568] <... write resumed>) = 524288 [pid 2568] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2568] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2563] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2563] mkdir("./file2", 0777 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2563] <... mkdir resumed>) = 0 [pid 2563] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2569 ./strace-static-x86_64: Process 2569 attached [pid 2569] set_robust_list(0x555594a056a0, 24) = 0 [pid 2569] chdir("./78") = 0 [pid 2569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2569] setpgid(0, 0) = 0 [pid 2569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2569] write(3, "1000", 4) = 4 [pid 2569] close(3) = 0 [pid 2569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2569] write(1, "executing program\n", 18) = 18 [pid 2569] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2569] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2570]}, 88) = 2570 [pid 2569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2569] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2569] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2570 attached [pid 2570] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2570] memfd_create("syzkaller", 0) = 3 [pid 2570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2570] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2567] <... openat resumed>) = 4 [pid 2567] ioctl(4, LOOP_SET_FD, 3 [pid 2563] <... mount resumed>) = 0 [pid 2568] <... openat resumed>) = 4 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2568] ioctl(4, LOOP_SET_FD, 3 [pid 288] close(3 [pid 2570] close(3) = 0 [pid 2570] close(4 [pid 2563] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2563] chdir("./file2") = 0 [pid 2563] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2567] <... ioctl resumed>) = 0 [pid 2567] close(3) = 0 [pid 2567] close(4) = 0 [pid 288] <... close resumed>) = 0 [pid 2567] mkdir("./file2", 0777 [pid 2568] <... ioctl resumed>) = 0 [pid 2563] <... openat resumed>) = 4 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2570] <... close resumed>) = 0 [pid 2568] close(3 [pid 2567] <... mkdir resumed>) = 0 [pid 2563] ioctl(4, LOOP_CLR_FD [pid 2567] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2570] mkdir("./file2", 0777) = 0 [pid 2568] <... close resumed>) = 0 [pid 2570] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2568] close(4 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2576 ./strace-static-x86_64: Process 2576 attached [pid 2576] set_robust_list(0x555594a056a0, 24) = 0 [pid 2576] chdir("./73") = 0 [pid 2576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2576] setpgid(0, 0) = 0 [pid 2576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2576] write(3, "1000", 4) = 4 [pid 2576] close(3) = 0 [pid 2576] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2576] write(1, "executing program\n", 18) = 18 [pid 2576] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2576] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2576] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2577 attached => {parent_tid=[2577]}, 88) = 2577 [pid 2577] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2576] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2577] <... futex resumed>) = 0 [pid 2577] memfd_create("syzkaller", 0 [pid 2576] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2577] <... memfd_create resumed>) = 3 [pid 2577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2577] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2577] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2568] <... close resumed>) = 0 [pid 2563] <... ioctl resumed>) = 0 [pid 2577] <... openat resumed>) = 4 [pid 2568] mkdir("./file2", 0777 [pid 2563] close(4 [pid 2577] ioctl(4, LOOP_SET_FD, 3 [pid 2568] <... mkdir resumed>) = 0 [pid 2563] <... close resumed>) = 0 [pid 2568] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2563] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2562] <... futex resumed>) = 0 [pid 2563] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2562] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2562] <... futex resumed>) = 0 [pid 2563] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2562] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2563] <... openat resumed>) = 4 [pid 2563] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2562] <... futex resumed>) = 0 [pid 2563] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2562] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2563] <... futex resumed>) = 0 [pid 2562] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2563] write(4, "#! \n", 4 [pid 2562] <... futex resumed>) = 0 [pid 2563] <... write resumed>) = 4 [pid 2562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2563] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2562] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2563] <... futex resumed>) = 0 [pid 2562] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2563] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2562] <... mprotect resumed>) = 0 [pid 2562] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2570] <... mount resumed>) = 0 [pid 2562] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2582]}, 88) = 2582 [pid 2562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2562] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2562] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2570] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2570] chdir("./file2") = 0 [pid 2570] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 2582 attached [pid 2567] <... mount resumed>) = 0 [pid 2582] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2582] write(4, "#! \n", 4) = 4 [pid 2567] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2582] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2562] <... futex resumed>) = 0 [pid 2562] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2563] <... futex resumed>) = 0 [pid 2562] <... futex resumed>) = 1 [pid 2563] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2562] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2582] <... futex resumed>) = 1 [pid 2567] <... openat resumed>) = 3 [pid 2563] <... mmap resumed>) = 0x200000000000 [pid 2567] chdir("./file2") = 0 [pid 2567] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2582] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2563] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2562] <... futex resumed>) = 0 [pid 2562] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2562] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2563] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2582] <... futex resumed>) = ? [pid 2562] <... futex resumed>) = ? [pid 2582] +++ killed by SIGBUS +++ [pid 2563] +++ killed by SIGBUS +++ [pid 2562] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2562, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 290] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./75/file2" [pid 2577] <... ioctl resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2570] <... openat resumed>) = 4 [pid 290] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./75/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2570] ioctl(4, LOOP_CLR_FD [pid 290] close(3 [pid 2577] close(3 [pid 2567] <... openat resumed>) = 4 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./75") = 0 [pid 290] mkdir("./76", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = 0 [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2584 [pid 2570] <... ioctl resumed>) = 0 [pid 2570] close(4) = 0 [pid 2570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2577] <... close resumed>) = 0 [pid 2577] close(4) = 0 [pid 2577] mkdir("./file2", 0777) = 0 [ 57.842610][ T2563] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2577] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2569] <... futex resumed>) = 0 [pid 2567] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 2584 attached [pid 2569] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] set_robust_list(0x555594a056a0, 24 [pid 2570] <... futex resumed>) = 0 [pid 2569] <... futex resumed>) = 1 executing program [pid 2568] <... mount resumed>) = 0 [pid 2584] <... set_robust_list resumed>) = 0 [pid 2570] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2569] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2568] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2584] chdir("./76" [pid 2570] <... openat resumed>) = 4 [pid 2568] <... openat resumed>) = 3 [pid 2584] <... chdir resumed>) = 0 [pid 2570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] chdir("./file2" [pid 2584] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2570] <... futex resumed>) = 1 [pid 2569] <... futex resumed>) = 0 [pid 2568] <... chdir resumed>) = 0 [pid 2584] <... prctl resumed>) = 0 [pid 2570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2569] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2584] setpgid(0, 0 [pid 2570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2569] <... futex resumed>) = 0 [pid 2584] <... setpgid resumed>) = 0 [pid 2570] write(4, "#! \n", 4 [pid 2569] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2577] <... mount resumed>) = 0 [pid 2570] <... write resumed>) = 4 [pid 2569] <... futex resumed>) = 0 [pid 2584] <... openat resumed>) = 3 [pid 2577] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2584] write(3, "1000", 4 [pid 2577] <... openat resumed>) = 3 [pid 2570] <... futex resumed>) = 0 [pid 2569] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2584] <... write resumed>) = 4 [pid 2577] chdir("./file2" [pid 2570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2569] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2584] close(3 [pid 2577] <... chdir resumed>) = 0 [pid 2569] <... mprotect resumed>) = 0 [pid 2584] <... close resumed>) = 0 [pid 2577] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2584] symlink("/dev/binderfs", "./binderfs" [pid 2569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2584] <... symlink resumed>) = 0 [pid 2569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2584] write(1, "executing program\n", 18./strace-static-x86_64: Process 2589 attached ) = 18 [pid 2589] set_robust_list(0x7f0aeccae9a0, 24 [pid 2584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2569] <... clone3 resumed> => {parent_tid=[2589]}, 88) = 2589 [pid 2589] <... set_robust_list resumed>) = 0 [pid 2584] <... futex resumed>) = 0 [pid 2569] rt_sigprocmask(SIG_SETMASK, [], [pid 2589] rt_sigprocmask(SIG_SETMASK, [], [pid 2584] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2584] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2569] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] write(4, "#! \n", 4 [pid 2584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2569] <... futex resumed>) = 0 [pid 2589] <... write resumed>) = 4 [pid 2584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2569] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2589] <... futex resumed>) = 0 [pid 2584] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2569] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2570] <... futex resumed>) = 0 [pid 2569] <... futex resumed>) = 1 [pid 2584] <... mprotect resumed>) = 0 [pid 2570] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2569] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2570] <... mmap resumed>) = 0x200000000000 [pid 2584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2590 attached ) = 1 [pid 2569] <... futex resumed>) = 0 [pid 2590] set_robust_list(0x7f0aecccf9a0, 24 [pid 2584] <... clone3 resumed> => {parent_tid=[2590]}, 88) = 2590 [pid 2570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2569] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] <... set_robust_list resumed>) = 0 [pid 2584] rt_sigprocmask(SIG_SETMASK, [], [pid 2570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2569] <... futex resumed>) = 0 [pid 2590] rt_sigprocmask(SIG_SETMASK, [], [pid 2584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2569] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2590] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] <... futex resumed>) = 0 [pid 2584] <... futex resumed>) = 1 [pid 2590] memfd_create("syzkaller", 0 [pid 2584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2590] <... memfd_create resumed>) = 3 [pid 2590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2590] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2590] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2569] <... futex resumed>) = ? [pid 2589] <... futex resumed>) = ? [pid 2589] +++ killed by SIGBUS +++ [pid 2590] <... openat resumed>) = 4 [pid 2577] <... openat resumed>) = 4 [pid 2570] +++ killed by SIGBUS +++ [pid 2569] +++ killed by SIGBUS +++ [pid 2568] <... openat resumed>) = 4 [pid 2567] <... ioctl resumed>) = 0 [pid 2577] ioctl(4, LOOP_CLR_FD [pid 2568] ioctl(4, LOOP_CLR_FD [pid 2567] close(4 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2590] ioctl(4, LOOP_SET_FD, 3 [pid 2577] <... ioctl resumed>) = 0 [pid 2568] <... ioctl resumed>) = 0 [pid 2567] <... close resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2577] close(4 [pid 2568] close(4 [pid 2567] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2567] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2577] <... close resumed>) = 0 [pid 2568] <... close resumed>) = 0 [pid 2577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2577] <... futex resumed>) = 1 [pid 2576] <... futex resumed>) = 0 [pid 2568] <... futex resumed>) = 1 [pid 2566] <... futex resumed>) = 0 [pid 2577] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2576] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2566] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2577] <... openat resumed>) = 4 [pid 2576] <... futex resumed>) = 0 [pid 2568] <... openat resumed>) = 4 [pid 2566] <... futex resumed>) = 0 [pid 2564] <... futex resumed>) = 0 [pid 2577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2576] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2568] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] <... futex resumed>) = 0 [pid 2567] <... futex resumed>) = 0 [pid 2568] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] <... futex resumed>) = 1 [pid 2567] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2577] <... futex resumed>) = 0 [pid 2576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2577] write(4, "#! \n", 4 [pid 2576] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... openat resumed>) = 4 [pid 2567] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [pid 2567] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2564] <... futex resumed>) = 0 [pid 2567] write(4, "#! \n", 4 [pid 2564] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2577] <... write resumed>) = 4 [pid 2576] <... futex resumed>) = 0 [pid 2568] <... futex resumed>) = 0 [pid 2567] <... write resumed>) = 4 [pid 2566] <... futex resumed>) = 1 [pid 2564] <... futex resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2568] write(4, "#! \n", 4 [pid 2567] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2576] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] <... write resumed>) = 4 [pid 2567] <... futex resumed>) = 0 [pid 2566] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2564] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2568] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2568] <... futex resumed>) = 0 [pid 2564] <... mprotect resumed>) = 0 [pid 2568] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] <... ioctl resumed>) = 0 [pid 2577] <... futex resumed>) = 0 [pid 2576] <... futex resumed>) = 0 [pid 2566] <... futex resumed>) = 0 [pid 2564] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2590] close(3 [pid 2577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2564] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2590] <... close resumed>) = 0 [pid 2576] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2566] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2590] close(4 [pid 2576] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2566] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2590] <... close resumed>) = 0 [pid 2576] <... mprotect resumed>) = 0 [pid 2566] <... mprotect resumed>) = 0 [pid 2564] <... clone3 resumed> => {parent_tid=[2592]}, 88) = 2592 [pid 287] <... openat resumed>) = 3 [pid 2590] mkdir("./file2", 0777 [pid 2576] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2564] rt_sigprocmask(SIG_SETMASK, [], [pid 287] newfstatat(3, "", [pid 2590] <... mkdir resumed>) = 0 [pid 2576] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2590] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2564] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2576] <... clone3 resumed> => {parent_tid=[2593]}, 88) = 2593 [pid 2566] <... clone3 resumed> => {parent_tid=[2594]}, 88) = 2594 [pid 2564] <... futex resumed>) = 0 [pid 287] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2576] rt_sigprocmask(SIG_SETMASK, [], [pid 2566] rt_sigprocmask(SIG_SETMASK, [], [pid 2564] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2576] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2576] <... futex resumed>) = 0 [pid 2566] <... futex resumed>) = 0 [pid 2576] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2592 attached [pid 2592] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2592] write(4, "#! \n", 4) = 4 [pid 2592] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2592] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2564] <... futex resumed>) = 0 [pid 2564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] <... futex resumed>) = 0 [pid 2564] <... futex resumed>) = 1 [pid 2567] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2567] <... mmap resumed>) = 0x200000000000 [pid 2567] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [ 57.913088][ T2570] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2593 attached [pid 2593] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2593] write(4, "#! \n", 4) = 4 [pid 2593] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2576] <... futex resumed>) = 0 [pid 2576] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2577] <... futex resumed>) = 0 [pid 2576] <... futex resumed>) = 1 [pid 2577] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2576] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2577] <... mmap resumed>) = 0x200000000000 [pid 2577] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2576] <... futex resumed>) = 0 [pid 2577] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2576] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2576] <... futex resumed>) = 0 [pid 2564] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2594 attached [pid 2576] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2593] <... futex resumed>) = 1 [pid 2593] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2594] set_robust_list(0x7f0aeccae9a0, 24 [pid 2576] <... futex resumed>) = ? [pid 2594] <... set_robust_list resumed>) = 0 [pid 2567] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2594] rt_sigprocmask(SIG_SETMASK, [], [pid 2593] <... futex resumed>) = ? [pid 2592] <... futex resumed>) = ? [pid 2594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2564] <... futex resumed>) = ? [pid 2594] write(4, "#! \n", 4 [pid 2577] +++ killed by SIGBUS +++ [pid 2594] <... write resumed>) = 4 [pid 2593] +++ killed by SIGBUS +++ [pid 2590] <... mount resumed>) = 0 [pid 2576] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2576, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2590] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2590] chdir("./file2") = 0 [pid 2594] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2592] +++ killed by SIGBUS +++ [pid 2590] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2594] <... futex resumed>) = 1 [pid 2566] <... futex resumed>) = 0 [pid 2594] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2566] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2568] <... futex resumed>) = 0 [pid 2566] <... futex resumed>) = 1 [pid 2568] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2566] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2568] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2568] <... futex resumed>) = 0 [pid 2566] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2567] +++ killed by SIGBUS +++ [pid 2566] <... futex resumed>) = 0 [pid 2564] +++ killed by SIGBUS +++ [pid 2566] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2568] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2594] <... futex resumed>) = ? [pid 2566] <... futex resumed>) = ? [pid 2594] +++ killed by SIGBUS +++ [pid 2568] +++ killed by SIGBUS +++ [pid 2566] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2566, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2590] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2590] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./78/file2") = 0 [pid 287] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./78/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./78") = 0 [pid 287] mkdir("./79", 0777) = 0 [ 57.956696][ T2567] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 57.963181][ T2577] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 57.991975][ T2568] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2590] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 2590] close(4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2590] <... close resumed>) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./73/file2") = 0 [pid 289] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./73/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./73") = 0 [pid 289] mkdir("./74", 0777 [pid 2590] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2597 ./strace-static-x86_64: Process 2597 attached [pid 2597] set_robust_list(0x555594a056a0, 24) = 0 [pid 2597] chdir("./74") = 0 [pid 2597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2597] setpgid(0, 0) = 0 [pid 2597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2597] write(3, "1000", 4 [pid 2590] <... futex resumed>) = 1 [pid 2584] <... futex resumed>) = 0 [pid 2590] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... umount2 resumed>) = 0 [pid 2584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2584] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2590] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2597] <... write resumed>) = 4 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2590] <... openat resumed>) = 4 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2590] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2584] <... futex resumed>) = 0 [pid 291] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 287] close(3 [pid 2590] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2584] <... futex resumed>) = 0 [pid 2590] write(4, "#! \n", 4 [pid 288] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2584] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... close resumed>) = 0 [pid 2590] <... write resumed>) = 4 [pid 2584] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2590] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2590] <... futex resumed>) = 0 [pid 2584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2590] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2584] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] newfstatat(AT_FDCWD, "./75/file2", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2584] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2598 [pid 2584] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] newfstatat(AT_FDCWD, "./73/file2", [pid 2584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2584] <... clone3 resumed> => {parent_tid=[2599]}, 88) = 2599 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2584] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2584] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 2597] close(3) = 0 [pid 2597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2597] write(1, "executing program\n", 18executing program ) = 18 [pid 2597] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 2597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2597] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2600]}, 88) = 2600 [pid 2597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2597] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2598 attached [pid 2598] set_robust_list(0x555594a056a0, 24) = 0 [pid 2598] chdir("./79") = 0 [pid 2598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2598] setpgid(0, 0) = 0 [pid 2598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2598] write(3, "1000", 4) = 4 [pid 2598] close(3) = 0 [pid 2598] symlink("/dev/binderfs", "./binderfs" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 288] close(4 [pid 291] rmdir("./75/file2" [pid 288] <... close resumed>) = 0 [pid 2598] <... symlink resumed>) = 0 [pid 2598] write(1, "executing program\n", 18 [pid 291] <... rmdir resumed>) = 0 [pid 288] rmdir("./73/file2" [pid 291] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2598] <... write resumed>) = 18 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./75/binderfs", [pid 288] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] unlink("./75/binderfs" [pid 288] newfstatat(AT_FDCWD, "./73/binderfs", [pid 291] <... unlink resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] getdents64(3, [pid 288] unlink("./73/binderfs" [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 288] <... unlink resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 291] rmdir("./75" [pid 288] getdents64(3, [pid 2598] <... futex resumed>) = 0 [pid 2598] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 291] <... rmdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 2599 attached [pid 291] mkdir("./76", 0777 [pid 288] close(3 [pid 2598] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2598] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2599] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] <... mkdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2599] <... set_robust_list resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2599] rt_sigprocmask(SIG_SETMASK, [], [pid 2598] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... openat resumed>) = 3 [pid 288] rmdir("./73" [pid 2599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2598] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2599] write(4, "#! \n", 4 [pid 2598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... rmdir resumed>) = 0 [pid 291] close(3 [pid 288] mkdir("./74", 0777 [pid 291] <... close resumed>) = 0 ./strace-static-x86_64: Process 2601 attached ./strace-static-x86_64: Process 2600 attached [pid 2599] <... write resumed>) = 4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... mkdir resumed>) = 0 [pid 2599] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2599] <... futex resumed>) = 1 [pid 2584] <... futex resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2602 [pid 288] <... openat resumed>) = 3 [pid 2599] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2598] <... clone3 resumed> => {parent_tid=[2601]}, 88) = 2601 [pid 2584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2601] set_robust_list(0x7f0aecccf9a0, 24 [pid 2600] set_robust_list(0x7f0aecccf9a0, 24 [pid 2598] rt_sigprocmask(SIG_SETMASK, [], [pid 2590] <... futex resumed>) = 0 [pid 2584] <... futex resumed>) = 1 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2590] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] close(3 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] <... mmap resumed>) = 0x200000000000 [pid 288] <... close resumed>) = 0 [pid 2598] <... futex resumed>) = 0 [pid 2590] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2601] <... set_robust_list resumed>) = 0 [pid 2600] <... set_robust_list resumed>) = 0 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2590] <... futex resumed>) = 1 [pid 2584] <... futex resumed>) = 0 [pid 2601] rt_sigprocmask(SIG_SETMASK, [], [pid 2600] rt_sigprocmask(SIG_SETMASK, [], [pid 2590] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2584] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2603 [pid 2601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2584] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2603 attached ./strace-static-x86_64: Process 2602 attached [pid 2601] memfd_create("syzkaller", 0 [pid 2600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2603] set_robust_list(0x555594a056a0, 24 [pid 2602] set_robust_list(0x555594a056a0, 24 [pid 2601] <... memfd_create resumed>) = 3 [pid 2600] memfd_create("syzkaller", 0 [pid 2603] <... set_robust_list resumed>) = 0 [pid 2602] <... set_robust_list resumed>) = 0 [pid 2601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2600] <... memfd_create resumed>) = 3 [pid 2603] chdir("./74" [pid 2602] chdir("./76" [pid 2601] <... mmap resumed>) = 0x7f0ae48af000 [pid 2600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2603] <... chdir resumed>) = 0 [pid 2602] <... chdir resumed>) = 0 [pid 2601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2600] <... mmap resumed>) = 0x7f0ae48af000 [pid 2603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2602] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2601] <... write resumed>) = 524288 [pid 2600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2603] <... prctl resumed>) = 0 [pid 2602] <... prctl resumed>) = 0 [pid 2601] munmap(0x7f0ae48af000, 138412032 [pid 2590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2584] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2603] setpgid(0, 0 [pid 2600] <... write resumed>) = 524288 [pid 2599] <... futex resumed>) = ? [pid 2584] <... futex resumed>) = ? [pid 2601] <... munmap resumed>) = 0 [pid 2603] <... setpgid resumed>) = 0 [pid 2602] setpgid(0, 0 [pid 2601] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2600] munmap(0x7f0ae48af000, 138412032 [pid 2599] +++ killed by SIGBUS +++ [pid 2603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2602] <... setpgid resumed>) = 0 [pid 2601] <... openat resumed>) = 4 [pid 2600] <... munmap resumed>) = 0 [pid 2603] <... openat resumed>) = 3 [pid 2602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2601] ioctl(4, LOOP_SET_FD, 3 [pid 2600] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2603] write(3, "1000", 4 [pid 2602] <... openat resumed>) = 3 [pid 2590] +++ killed by SIGBUS +++ [pid 2584] +++ killed by SIGBUS +++ [pid 2603] <... write resumed>) = 4 [pid 2603] close(3 [pid 2602] write(3, "1000", 4 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2603] <... close resumed>) = 0 [pid 2603] symlink("/dev/binderfs", "./binderfs" [pid 2602] <... write resumed>) = 4 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2603] <... symlink resumed>) = 0 executing program [pid 2603] write(1, "executing program\n", 18 [pid 2602] close(3 [pid 2603] <... write resumed>) = 18 [pid 2603] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2602] <... close resumed>) = 0 [pid 2603] <... futex resumed>) = 0 [pid 2603] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2602] symlink("/dev/binderfs", "./binderfs"executing program [pid 2603] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2602] <... symlink resumed>) = 0 [pid 2603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2602] write(1, "executing program\n", 18 [pid 2603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2602] <... write resumed>) = 18 [pid 2603] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2603] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2602] <... futex resumed>) = 0 [pid 2603] <... mprotect resumed>) = 0 [pid 2602] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2603] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2602] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2603] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2603] <... clone3 resumed> => {parent_tid=[2606]}, 88) = 2606 [pid 2602] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2603] rt_sigprocmask(SIG_SETMASK, [], [pid 2602] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2602] <... mprotect resumed>) = 0 [pid 2603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2603] <... futex resumed>) = 0 [pid 2602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2607]}, 88) = 2607 [pid 2602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2607 attached ./strace-static-x86_64: Process 2606 attached [pid 2601] <... ioctl resumed>) = 0 [pid 2600] <... openat resumed>) = 4 [pid 2607] set_robust_list(0x7f0aecccf9a0, 24 [pid 2601] close(3 [pid 2600] ioctl(4, LOOP_SET_FD, 3 [pid 2606] set_robust_list(0x7f0aecccf9a0, 24 [pid 2601] <... close resumed>) = 0 [pid 2607] <... set_robust_list resumed>) = 0 [pid 2601] close(4 [pid 2607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2607] memfd_create("syzkaller", 0) = 3 [pid 2606] <... set_robust_list resumed>) = 0 [pid 2607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2600] <... ioctl resumed>) = 0 [pid 2601] <... close resumed>) = 0 [pid 2600] close(3) = 0 [pid 2600] close(4) = 0 [pid 2600] mkdir("./file2", 0777 [pid 2607] <... mmap resumed>) = 0x7f0ae48af000 [pid 2606] rt_sigprocmask(SIG_SETMASK, [], [pid 2601] mkdir("./file2", 0777 [pid 2600] <... mkdir resumed>) = 0 [pid 2601] <... mkdir resumed>) = 0 [pid 2606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2600] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 2606] memfd_create("syzkaller", 0 [pid 2601] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2606] <... memfd_create resumed>) = 3 [pid 2607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 290] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2606] <... mmap resumed>) = 0x7f0ae48af000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2607] <... write resumed>) = 524288 [pid 2607] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2607] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2606] <... write resumed>) = 524288 [pid 2606] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2606] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2601] <... mount resumed>) = 0 [pid 2601] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2601] chdir("./file2") = 0 [ 58.162973][ T2590] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2601] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2607] <... openat resumed>) = 4 [pid 2607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2607] close(3) = 0 [pid 2607] close(4) = 0 [pid 2607] mkdir("./file2", 0777 [pid 2601] <... openat resumed>) = 4 [pid 2607] <... mkdir resumed>) = 0 [pid 2607] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2606] <... openat resumed>) = 4 [pid 2606] ioctl(4, LOOP_SET_FD, 3 [pid 290] <... umount2 resumed>) = 0 [pid 2601] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2606] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2606] close(3) = 0 [pid 2606] close(4 [pid 290] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./76/file2") = 0 [pid 290] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./76/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./76") = 0 [pid 290] mkdir("./77", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2600] <... mount resumed>) = 0 [pid 2600] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2600] chdir("./file2") = 0 [pid 2600] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2601] <... ioctl resumed>) = 0 [pid 2601] close(4 [pid 2606] <... close resumed>) = 0 [pid 2601] <... close resumed>) = 0 [pid 2600] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 2606] mkdir("./file2", 0777 [pid 2601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3 [pid 2606] <... mkdir resumed>) = 0 [pid 2601] <... futex resumed>) = 1 [pid 2600] ioctl(4, LOOP_CLR_FD [pid 2598] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2606] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2601] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2600] <... ioctl resumed>) = 0 [pid 2598] <... futex resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2616 [pid 2601] <... openat resumed>) = 4 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] close(4 [pid 2598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2601] <... futex resumed>) = 0 [pid 2600] <... close resumed>) = 0 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2601] write(4, "#! \n", 4executing program ) = 4 [pid 2600] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2598] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2616 attached [pid 2616] set_robust_list(0x555594a056a0, 24) = 0 [pid 2616] chdir("./77") = 0 [pid 2616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2616] setpgid(0, 0) = 0 [pid 2616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2616] write(3, "1000", 4) = 4 [pid 2616] close(3) = 0 [pid 2616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2616] write(1, "executing program\n", 18) = 18 [pid 2616] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2616] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2616] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2618]}, 88) = 2618 [pid 2616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2616] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2616] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2618 attached [pid 2618] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2618] memfd_create("syzkaller", 0 [pid 2601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 1 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2597] <... futex resumed>) = 0 [pid 2618] <... memfd_create resumed>) = 3 [pid 2601] <... futex resumed>) = 0 [pid 2600] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2598] <... futex resumed>) = 0 [pid 2601] write(4, "#! \n", 4 [pid 2597] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] <... write resumed>) = 4 [pid 2600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2597] <... futex resumed>) = 0 [pid 2618] <... mmap resumed>) = 0x7f0ae48af000 [pid 2600] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2597] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] <... futex resumed>) = 1 [pid 2598] <... futex resumed>) = 0 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2601] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2598] <... futex resumed>) = 0 [pid 2601] <... mmap resumed>) = 0x200000000000 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... openat resumed>) = 4 [pid 2601] <... futex resumed>) = 1 [pid 2598] <... futex resumed>) = 0 [pid 2600] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2598] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2618] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2618] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2618] ioctl(4, LOOP_SET_FD, 3 [pid 2600] <... futex resumed>) = 1 [pid 2600] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2598] <... futex resumed>) = 0 [pid 2598] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2607] <... mount resumed>) = 0 [pid 2607] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2607] chdir("./file2") = 0 [pid 2607] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2597] <... futex resumed>) = 1 [pid 2600] write(4, "#! \n", 4 [pid 2597] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... write resumed>) = 4 [pid 2597] <... futex resumed>) = 0 [pid 2600] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2600] <... futex resumed>) = 0 [pid 2597] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2600] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2597] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2622]}, 88) = 2622 [pid 2597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2597] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2597] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2618] <... ioctl resumed>) = 0 [pid 2607] <... openat resumed>) = 4 [pid 2607] ioctl(4, LOOP_CLR_FD) = 0 [pid 2618] close(3 [pid 2607] close(4 [pid 2618] <... close resumed>) = 0 [pid 2607] <... close resumed>) = 0 [pid 2618] close(4 [pid 2607] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2607] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2606] <... mount resumed>) = 0 [pid 2606] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2606] chdir("./file2" [pid 2602] <... futex resumed>) = 0 [pid 2606] <... chdir resumed>) = 0 [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2607] <... futex resumed>) = 0 [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2607] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2606] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 2622 attached [pid 2607] <... openat resumed>) = 4 [pid 2607] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2602] <... futex resumed>) = 0 [pid 2607] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2622] set_robust_list(0x7f0aeccae9a0, 24 [pid 2607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2607] write(4, "#! \n", 4) = 4 [pid 2622] <... set_robust_list resumed>) = 0 [pid 2602] <... futex resumed>) = 0 [pid 2607] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2607] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2598] <... futex resumed>) = ? [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2622] rt_sigprocmask(SIG_SETMASK, [], [pid 2602] <... futex resumed>) = 1 [pid 2607] <... futex resumed>) = 0 [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2607] write(4, "#! \n", 4) = 4 [pid 2622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2607] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2622] write(4, "#! \n", 4 [pid 2607] <... futex resumed>) = 1 [pid 2602] <... futex resumed>) = 0 [pid 2607] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2602] <... futex resumed>) = 0 [pid 2607] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2607] <... mmap resumed>) = 0x200000000000 [pid 2607] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2602] <... futex resumed>) = 0 [pid 2607] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2602] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2602] <... futex resumed>) = 0 [pid 2601] +++ killed by SIGBUS +++ [pid 2598] +++ killed by SIGBUS +++ [pid 2622] <... write resumed>) = 4 [pid 2622] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2597] <... futex resumed>) = 1 [pid 2600] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2597] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2600] <... mmap resumed>) = 0x200000000000 [pid 2600] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2597] <... futex resumed>) = 0 [pid 2622] <... futex resumed>) = 1 [pid 2607] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2602] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2597] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2598, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2622] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2602] <... futex resumed>) = ? [pid 2607] +++ killed by SIGBUS +++ [pid 2602] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2602, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2597] <... futex resumed>) = 0 [pid 2597] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2618] <... close resumed>) = 0 [pid 2618] mkdir("./file2", 0777 [pid 2606] <... openat resumed>) = 4 [pid 2600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2622] <... futex resumed>) = ? [pid 2597] <... futex resumed>) = ? [pid 2606] ioctl(4, LOOP_CLR_FD) = 0 [pid 2606] close(4 [pid 2622] +++ killed by SIGBUS +++ [pid 2600] +++ killed by SIGBUS +++ [pid 2597] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2606] <... close resumed>) = 0 [pid 2618] <... mkdir resumed>) = 0 [pid 2606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2618] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2606] <... futex resumed>) = 1 [pid 2606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2606] <... futex resumed>) = 0 [pid 2603] <... futex resumed>) = 1 [pid 2606] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2606] <... openat resumed>) = 4 [pid 2606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2606] write(4, "#! \n", 4 [pid 2603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2606] <... write resumed>) = 4 [pid 2603] <... futex resumed>) = 0 [pid 2606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2603] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2606] <... futex resumed>) = 0 [pid 2603] <... futex resumed>) = 0 [pid 2606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2603] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2623]}, 88) = 2623 ./strace-static-x86_64: Process 2623 attached [pid 2603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2603] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2603] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2623] write(4, "#! \n", 4) = 4 [pid 2623] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2606] <... futex resumed>) = 0 [pid 2603] <... futex resumed>) = 1 [pid 2606] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2623] <... futex resumed>) = 1 [pid 2606] <... mmap resumed>) = 0x200000000000 [pid 2623] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2603] <... futex resumed>) = 0 [pid 2603] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.449341][ T2601] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 58.468906][ T2607] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 58.470098][ T2600] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2603] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2606] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2623] <... futex resumed>) = ? [pid 2603] <... futex resumed>) = ? [pid 289] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2623] +++ killed by SIGBUS +++ [pid 2606] +++ killed by SIGBUS +++ [pid 2603] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2618] <... mount resumed>) = 0 [pid 2618] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 288] <... restart_syscall resumed>) = 0 [pid 2618] <... openat resumed>) = 3 [pid 2618] chdir("./file2") = 0 [pid 288] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2618] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./79/file2") = 0 [pid 287] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./79/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./79") = 0 [pid 287] mkdir("./80", 0777) = 0 [ 58.513021][ T2606] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2618] <... openat resumed>) = 4 [pid 2618] ioctl(4, LOOP_CLR_FD [pid 287] <... openat resumed>) = 3 [pid 291] <... umount2 resumed>) = 0 [pid 2618] <... ioctl resumed>) = 0 [pid 291] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2626 ./strace-static-x86_64: Process 2626 attached [pid 2626] set_robust_list(0x555594a056a0, 24) = 0 [pid 2618] close(4 [pid 2626] chdir("./80") = 0 [pid 2626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2626] setpgid(0, 0) = 0 [pid 2626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2626] write(3, "1000", 4) = 4 [pid 2626] close(3) = 0 [pid 2626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(AT_FDCWD, "./74/file2", [pid 288] newfstatat(AT_FDCWD, "./74/file2", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(4, "", [pid 289] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] getdents64(4, [pid 289] newfstatat(4, "", [pid 288] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2626] write(1, "executing program\n", 18 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 288] <... openat resumed>) = 4 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 291] close(4 [pid 288] newfstatat(4, "", [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 291] rmdir("./76/file2" [pid 288] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2626] <... write resumed>) = 18 [pid 2626] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2626] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 289] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] rmdir("./74/file2" [pid 291] newfstatat(AT_FDCWD, "./76/binderfs", [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2626] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2626] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2626] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] close(4 [pid 291] unlink("./76/binderfs" [pid 289] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... close resumed>) = 0 [pid 2626] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] <... unlink resumed>) = 0 [pid 288] rmdir("./74/file2" [pid 291] getdents64(3, [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2626] <... clone3 resumed> => {parent_tid=[2627]}, 88) = 2627 [pid 2626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2626] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./74/binderfs", [pid 288] <... rmdir resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] close(3 [pid 289] unlink("./74/binderfs" [pid 288] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... close resumed>) = 0 [pid 2626] <... futex resumed>) = 0 [pid 2626] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 289] <... unlink resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] rmdir("./76" [pid 289] getdents64(3, [pid 288] newfstatat(AT_FDCWD, "./74/binderfs", ./strace-static-x86_64: Process 2627 attached [pid 2627] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] mkdir("./77", 0777 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] unlink("./74/binderfs" [pid 2627] memfd_create("syzkaller", 0) = 3 [pid 2627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 291] <... mkdir resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] close(3 [pid 288] getdents64(3, [pid 289] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] rmdir("./74" [pid 288] close(3 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] mkdir("./75", 0777 [pid 288] rmdir("./74" [pid 289] <... mkdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] mkdir("./75", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2627] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2627] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program executing program [pid 2618] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2618] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 3 [pid 2618] <... futex resumed>) = 1 [pid 2616] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2618] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2616] <... futex resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] ioctl(3, LOOP_CLR_FD [pid 2618] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2616] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2628 ./strace-static-x86_64: Process 2628 attached [pid 2628] set_robust_list(0x555594a056a0, 24) = 0 [pid 291] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2618] <... openat resumed>) = 4 [pid 289] close(3 [pid 2618] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 2618] <... futex resumed>) = 1 [pid 2616] <... futex resumed>) = 0 [pid 2618] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... close resumed>) = 0 [pid 2618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2616] <... futex resumed>) = 0 [pid 2618] write(4, "#! \n", 4 [pid 2616] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2618] <... write resumed>) = 4 [pid 2616] <... futex resumed>) = 0 [pid 2628] chdir("./75" [pid 2618] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2618] <... futex resumed>) = 0 [pid 2616] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2618] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2628] <... chdir resumed>) = 0 [pid 2616] <... mprotect resumed>) = 0 [pid 2628] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2629 [pid 2616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2628] <... prctl resumed>) = 0 [pid 2628] setpgid(0, 0) = 0 [pid 2616] <... clone3 resumed> => {parent_tid=[2630]}, 88) = 2630 [pid 2616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2616] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2631 [pid 2616] <... futex resumed>) = 0 [pid 2616] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2628] write(3, "1000", 4) = 4 [pid 2628] close(3) = 0 [pid 2628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2628] write(1, "executing program\n", 18) = 18 [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2628] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2628] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2632]}, 88) = 2632 [pid 2628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2629 attached [pid 2629] set_robust_list(0x555594a056a0, 24) = 0 [pid 2629] chdir("./75") = 0 [pid 2629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2629] setpgid(0, 0) = 0 [pid 2629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2629] write(3, "1000", 4) = 4 [pid 2629] close(3) = 0 [pid 2629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2629] write(1, "executing program\n", 18) = 18 [pid 2629] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2629] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2629] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2633]}, 88) = 2633 [pid 2629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2629] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2629] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2633 attached [pid 2633] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2633] memfd_create("syzkaller", 0) = 3 [pid 2633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2627] <... openat resumed>) = 4 [pid 2627] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2630 attached ./strace-static-x86_64: Process 2631 attached [pid 2630] set_robust_list(0x7f0aeccae9a0, 24 [pid 2631] set_robust_list(0x555594a056a0, 24 [pid 2633] <... write resumed>) = 524288 [pid 2633] munmap(0x7f0ae48af000, 138412032 [pid 2630] <... set_robust_list resumed>) = 0 [pid 2633] <... munmap resumed>) = 0 [pid 2633] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2632 attached [pid 2632] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2632] memfd_create("syzkaller", 0) = 3 [pid 2632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2627] <... ioctl resumed>) = 0 [pid 2633] <... openat resumed>) = 4 [pid 2631] <... set_robust_list resumed>) = 0 [pid 2630] rt_sigprocmask(SIG_SETMASK, [], [pid 2633] ioctl(4, LOOP_SET_FD, 3 [pid 2627] close(3) = 0 [pid 2627] close(4 [pid 2630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2631] chdir("./77" [pid 2630] write(4, "#! \n", 4 [pid 2631] <... chdir resumed>) = 0 [pid 2630] <... write resumed>) = 4 [pid 2631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2630] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] <... prctl resumed>) = 0 [pid 2616] <... futex resumed>) = 0 [pid 2630] <... futex resumed>) = 1 [pid 2631] setpgid(0, 0 [pid 2616] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2618] <... futex resumed>) = 0 [pid 2631] <... setpgid resumed>) = 0 [pid 2630] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2618] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2618] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2616] <... futex resumed>) = 0 [pid 2631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2618] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2616] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2616] <... futex resumed>) = 0 [pid 2632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2632] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2632] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 2631] <... openat resumed>) = 3 [pid 2631] write(3, "1000", 4) = 4 [pid 2631] close(3) = 0 [pid 2631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2631] write(1, "executing program\n", 18) = 18 [pid 2631] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2631] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2631] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2636]}, 88) = 2636 [pid 2631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2631] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2631] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2616] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2633] <... ioctl resumed>) = 0 [pid 2633] close(3) = 0 [pid 2633] close(4./strace-static-x86_64: Process 2636 attached [pid 2636] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2636] memfd_create("syzkaller", 0) = 3 [pid 2636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2636] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2636] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2618] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2630] <... futex resumed>) = ? [pid 2616] <... futex resumed>) = ? [pid 2630] +++ killed by SIGBUS +++ [pid 2618] +++ killed by SIGBUS +++ [pid 2616] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2616, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2633] <... close resumed>) = 0 [pid 2633] mkdir("./file2", 0777) = 0 [ 58.707302][ T2618] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2633] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2632] <... openat resumed>) = 4 [pid 2627] <... close resumed>) = 0 [pid 2632] ioctl(4, LOOP_SET_FD, 3 [pid 2627] mkdir("./file2", 0777 [pid 2632] <... ioctl resumed>) = 0 [pid 2632] close(3) = 0 [pid 2632] close(4 [pid 2627] <... mkdir resumed>) = 0 [pid 2627] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2636] <... openat resumed>) = 4 [pid 2632] <... close resumed>) = 0 [pid 2632] mkdir("./file2", 0777 [pid 2636] ioctl(4, LOOP_SET_FD, 3 [pid 2632] <... mkdir resumed>) = 0 [pid 2632] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2636] <... ioctl resumed>) = 0 [pid 2636] close(3) = 0 [pid 2636] close(4 [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./77/file2") = 0 [pid 290] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./77/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./77") = 0 [pid 290] mkdir("./78", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2627] <... mount resumed>) = 0 [pid 2632] <... mount resumed>) = 0 [pid 2627] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2627] chdir("./file2") = 0 [pid 2632] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2633] <... mount resumed>) = 0 [pid 2627] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2633] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2632] <... openat resumed>) = 3 [pid 2633] <... openat resumed>) = 3 [pid 2632] chdir("./file2" [pid 2633] chdir("./file2" [pid 2632] <... chdir resumed>) = 0 [pid 2632] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2633] <... chdir resumed>) = 0 [pid 2633] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2636] <... close resumed>) = 0 [pid 2633] <... openat resumed>) = 4 [pid 2627] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 2633] ioctl(4, LOOP_CLR_FD [pid 2627] ioctl(4, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 2633] <... ioctl resumed>) = 0 [pid 2627] <... ioctl resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2636] mkdir("./file2", 0777 [pid 2633] close(4 [pid 2632] <... openat resumed>) = 4 [pid 2627] close(4 [pid 290] close(3 [pid 2633] <... close resumed>) = 0 [pid 2636] <... mkdir resumed>) = 0 [pid 2627] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2636] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] ioctl(4, LOOP_CLR_FD [pid 2627] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2633] <... futex resumed>) = 1 [pid 2632] <... ioctl resumed>) = 0 [pid 2629] <... futex resumed>) = 0 [pid 2627] <... futex resumed>) = 1 [pid 2626] <... futex resumed>) = 0 [pid 2633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2632] close(4 [pid 2629] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2626] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2645 [pid 2633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2629] <... futex resumed>) = 0 [pid 2627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2626] <... futex resumed>) = 0 [pid 2633] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2629] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2627] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2626] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2633] <... openat resumed>) = 4 [pid 2632] <... close resumed>) = 0 [pid 2627] <... openat resumed>) = 4 [pid 2633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] <... futex resumed>) = 1 [pid 2632] <... futex resumed>) = 1 [pid 2629] <... futex resumed>) = 0 [pid 2628] <... futex resumed>) = 0 [pid 2627] <... futex resumed>) = 1 [pid 2626] <... futex resumed>) = 0 [pid 2633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2632] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2629] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2629] <... futex resumed>) = 0 [pid 2628] <... futex resumed>) = 0 [pid 2627] write(4, "#! \n", 4 [pid 2626] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] write(4, "#! \n", 4 [pid 2632] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2629] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2627] <... write resumed>) = 4 [pid 2626] <... futex resumed>) = 0 [pid 2633] <... write resumed>) = 4 [pid 2629] <... futex resumed>) = 0 [pid 2632] <... openat resumed>) = 4 [pid 2626] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2627] <... futex resumed>) = 0 [pid 2626] <... futex resumed>) = 0 [pid 2633] <... futex resumed>) = 0 [pid 2632] <... futex resumed>) = 1 [pid 2629] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2628] <... futex resumed>) = 0 [pid 2627] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2632] write(4, "#! \n", 4 [pid 2629] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2632] <... write resumed>) = 4 [pid 2629] <... mprotect resumed>) = 0 [pid 2628] <... futex resumed>) = 0 [pid 2626] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] <... futex resumed>) = 0 [pid 2629] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2628] <... futex resumed>) = 0 [pid 2626] <... mprotect resumed>) = 0 [pid 2632] write(4, "#! \n", 4 [pid 2629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2632] <... write resumed>) = 4 [pid 2626] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... clone3 resumed> => {parent_tid=[2647]}, 88) = 2647 [pid 2626] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2632] <... futex resumed>) = 1 [pid 2629] rt_sigprocmask(SIG_SETMASK, [], [pid 2628] <... futex resumed>) = 0 [pid 2626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2632] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2629] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2628] <... futex resumed>) = 0 [pid 2632] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2629] <... futex resumed>) = 0 [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] <... clone3 resumed> => {parent_tid=[2648]}, 88) = 2648 [pid 2632] <... mmap resumed>) = 0x200000000000 [pid 2629] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] rt_sigprocmask(SIG_SETMASK, [], [pid 2632] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2632] <... futex resumed>) = 1 [pid 2628] <... futex resumed>) = 0 [pid 2626] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2632] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... futex resumed>) = 0 [pid 2632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2628] <... futex resumed>) = 0 [pid 2626] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2647 attached [pid 2647] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2647] write(4, "#! \n", 4) = 4 ./strace-static-x86_64: Process 2645 attached [pid 2647] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] <... futex resumed>) = 0 [pid 2629] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] <... futex resumed>) = 0 [pid 2629] <... futex resumed>) = 1 [pid 2633] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2629] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2633] <... mmap resumed>) = 0x200000000000 [pid 2633] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2629] <... futex resumed>) = 0 [pid 2633] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2629] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2629] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2648 attached [pid 2647] <... futex resumed>) = 1 [pid 2645] set_robust_list(0x555594a056a0, 24 [pid 2636] <... mount resumed>) = 0 [pid 2632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2648] set_robust_list(0x7f0aeccae9a0, 24 [pid 2636] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2648] <... set_robust_list resumed>) = 0 [pid 2647] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] <... set_robust_list resumed>) = 0 [pid 2636] <... openat resumed>) = 3 [pid 2648] rt_sigprocmask(SIG_SETMASK, [], [pid 2645] chdir("./78" [pid 2636] chdir("./file2" [pid 2648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2645] <... chdir resumed>) = 0 [pid 2636] <... chdir resumed>) = 0 [pid 2648] write(4, "#! \n", 4 [pid 2645] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2636] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2648] <... write resumed>) = 4 [pid 2645] <... prctl resumed>) = 0 [pid 2636] <... openat resumed>) = 4 [pid 2648] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] setpgid(0, 0 [pid 2636] ioctl(4, LOOP_CLR_FD [pid 2648] <... futex resumed>) = 1 [pid 2645] <... setpgid resumed>) = 0 [pid 2636] <... ioctl resumed>) = 0 [pid 2626] <... futex resumed>) = 0 [pid 2648] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2636] close(4 [pid 2626] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... openat resumed>) = 3 [pid 2636] <... close resumed>) = 0 [pid 2627] <... futex resumed>) = 0 [pid 2626] <... futex resumed>) = 1 [pid 2645] write(3, "1000", 4 [pid 2636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2627] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2626] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... write resumed>) = 4 [pid 2636] <... futex resumed>) = 1 [pid 2627] <... mmap resumed>) = 0x200000000000 [pid 2645] close(3 [pid 2636] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2627] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... close resumed>) = 0 [pid 2627] <... futex resumed>) = 1 [pid 2626] <... futex resumed>) = 0 [pid 2645] symlink("/dev/binderfs", "./binderfs" [pid 2627] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2626] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... symlink resumed>) = 0 [pid 2631] <... futex resumed>) = 0 [pid 2627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 2626] <... futex resumed>) = 0 [pid 2645] write(1, "executing program\n", 18 [pid 2631] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2629] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2628] <... futex resumed>) = ? [pid 2626] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] <... write resumed>) = 18 [pid 2636] <... futex resumed>) = 0 [pid 2631] <... futex resumed>) = 1 [pid 2636] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2631] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2645] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2636] <... openat resumed>) = 4 [pid 2645] <... futex resumed>) = 0 [pid 2636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2636] <... futex resumed>) = 1 [pid 2631] <... futex resumed>) = 0 [pid 2636] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2631] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2631] <... futex resumed>) = 0 [pid 2636] write(4, "#! \n", 4 [pid 2631] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2636] <... write resumed>) = 4 [pid 2631] <... futex resumed>) = 0 [pid 2645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2636] <... futex resumed>) = 0 [pid 2645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2636] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2631] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2645] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2631] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2645] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2632] +++ killed by SIGBUS +++ [pid 2628] +++ killed by SIGBUS +++ [pid 2631] <... mprotect resumed>) = 0 [pid 2645] <... mprotect resumed>) = 0 [pid 2645] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2631] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2628, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2645] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2631] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2645] <... clone3 resumed> => {parent_tid=[2650]}, 88) = 2650 [pid 2645] rt_sigprocmask(SIG_SETMASK, [], [pid 2631] <... clone3 resumed> => {parent_tid=[2651]}, 88) = 2651 [pid 2645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2631] rt_sigprocmask(SIG_SETMASK, [], [pid 2645] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2645] <... futex resumed>) = 0 [pid 2631] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2631] <... futex resumed>) = 0 [pid 2631] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2627] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2648] <... futex resumed>) = ? [pid 2626] <... futex resumed>) = ? [pid 2648] +++ killed by SIGBUS +++ [pid 2627] +++ killed by SIGBUS +++ [pid 2626] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2633] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2647] <... futex resumed>) = ? [pid 2629] <... futex resumed>) = ? [pid 2647] +++ killed by SIGBUS +++ [pid 288] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 288] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2651 attached [pid 288] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... openat resumed>) = 3 [pid 287] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(3, "", [pid 2651] set_robust_list(0x7f0aeccae9a0, 24 [pid 287] <... openat resumed>) = 3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(3, "", [pid 2651] <... set_robust_list resumed>) = 0 [pid 288] getdents64(3, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2651] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] getdents64(3, [pid 288] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2633] +++ killed by SIGBUS +++ [pid 2629] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2650 attached [pid 2650] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2650] rt_sigprocmask(SIG_SETMASK, [], [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2629, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2650] memfd_create("syzkaller", 0) = 3 [pid 2650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2651] write(4, "#! \n", 4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2651] <... write resumed>) = 4 [pid 288] newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2651] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... mmap resumed>) = 0x7f0ae48af000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2651] <... futex resumed>) = 1 [pid 2631] <... futex resumed>) = 0 [pid 2631] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 58.914792][ T2632] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 58.917049][ T2633] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 58.950232][ T2627] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2651] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2636] <... futex resumed>) = 0 [pid 2631] <... futex resumed>) = 1 [pid 2636] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 288] <... openat resumed>) = 4 [pid 2636] <... mmap resumed>) = 0x200000000000 [pid 2631] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] newfstatat(4, "", [pid 2636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2636] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2631] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... restart_syscall resumed>) = 0 [pid 2631] <... futex resumed>) = 0 [pid 2631] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] getdents64(4, [pid 289] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] getdents64(4, [pid 289] <... openat resumed>) = 3 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] close(4 [pid 289] getdents64(3, [pid 288] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] rmdir("./75/file2" [pid 289] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 288] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./75/binderfs", [pid 2636] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2651] <... futex resumed>) = ? [pid 2631] <... futex resumed>) = ? [pid 288] unlink("./75/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 2651] +++ killed by SIGBUS +++ [pid 288] rmdir("./75") = 0 [pid 288] mkdir("./76", 0777) = 0 [pid 2650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2636] +++ killed by SIGBUS +++ [pid 2631] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2650] <... write resumed>) = 524288 [pid 2650] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2650] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./80/file2") = 0 [pid 287] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./80/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./80") = 0 [pid 287] mkdir("./81", 0777) = 0 [ 58.989233][ T2636] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2650] <... openat resumed>) = 4 [pid 2650] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2652 ./strace-static-x86_64: Process 2652 attached [pid 2652] set_robust_list(0x555594a056a0, 24) = 0 [pid 2652] chdir("./81") = 0 [pid 2652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2652] setpgid(0, 0) = 0 [pid 2652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2652] write(3, "1000", 4) = 4 [pid 2652] close(3) = 0 [pid 2652] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2652] write(1, "executing program\n", 18) = 18 [pid 2652] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2652] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2652] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2653 attached => {parent_tid=[2653]}, 88) = 2653 [pid 2653] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2653] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2652] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2653] <... futex resumed>) = 0 [pid 2652] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2653] memfd_create("syzkaller", 0) = 3 [pid 2653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2653] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2653] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2650] <... ioctl resumed>) = 0 [pid 2650] close(3 [pid 291] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2650] <... close resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2650] close(4 [pid 291] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./77/file2") = 0 [pid 291] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./77/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./77") = 0 [pid 291] mkdir("./78", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2650] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 2650] mkdir("./file2", 0777 [pid 289] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2650] <... mkdir resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2650] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./75/file2") = 0 [pid 289] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./75/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./75") = 0 [pid 289] mkdir("./76", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2653] <... openat resumed>) = 4 [pid 2653] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] close(3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 2653] <... ioctl resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2653] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2653] <... close resumed>) = 0 [pid 2653] close(4 [pid 289] close(3 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2657 ./strace-static-x86_64: Process 2657 attached [pid 2657] set_robust_list(0x555594a056a0, 24) = 0 [pid 2657] chdir("./76") = 0 [pid 2657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2657] setpgid(0, 0) = 0 [pid 2657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2657] write(3, "1000", 4) = 4 [pid 2657] close(3) = 0 [pid 2657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2657] write(1, "executing program\n", 18executing program ) = 18 [pid 2657] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2657] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2657] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2658 attached => {parent_tid=[2658]}, 88) = 2658 [pid 2658] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2658] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2657] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2658] <... futex resumed>) = 0 [pid 2658] memfd_create("syzkaller", 0 [pid 2657] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2658] <... memfd_create resumed>) = 3 [pid 2658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2658] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2658] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2650] <... mount resumed>) = 0 [pid 2650] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2650] chdir("./file2") = 0 [pid 2650] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2653] <... close resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2661 ./strace-static-x86_64: Process 2661 attached [pid 2661] set_robust_list(0x555594a056a0, 24) = 0 [pid 2661] chdir("./76" [pid 2653] mkdir("./file2", 0777 [pid 291] close(3 [pid 2661] <... chdir resumed>) = 0 [pid 2661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2661] setpgid(0, 0) = 0 [pid 2661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2661] write(3, "1000", 4) = 4 [pid 2661] close(3) = 0 [pid 2661] symlink("/dev/binderfs", "./binderfs" [pid 2653] <... mkdir resumed>) = 0 executing program [pid 2661] <... symlink resumed>) = 0 [pid 2661] write(1, "executing program\n", 18) = 18 [pid 2661] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2661] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2661] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2653] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2661] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2662]}, 88) = 2662 [pid 2661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2661] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2662 attached [pid 2662] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2662] memfd_create("syzkaller", 0) = 3 [pid 2662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2662] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2662] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2658] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 2658] ioctl(4, LOOP_SET_FD, 3 [pid 2650] <... openat resumed>) = 4 [pid 2658] <... ioctl resumed>) = 0 [pid 2650] ioctl(4, LOOP_CLR_FD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2658] close(3) = 0 [pid 2658] close(4 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2664 [pid 2662] <... openat resumed>) = 4 [pid 2662] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2664 attached [pid 2664] set_robust_list(0x555594a056a0, 24) = 0 [pid 2664] chdir("./78") = 0 [pid 2664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2664] setpgid(0, 0) = 0 [pid 2664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2664] write(3, "1000", 4) = 4 [pid 2664] close(3) = 0 [pid 2664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2664] write(1, "executing program\n", 18executing program ) = 18 [pid 2650] <... ioctl resumed>) = 0 [pid 2662] <... ioctl resumed>) = 0 [pid 2650] close(4 [pid 2664] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] close(3 [pid 2664] <... futex resumed>) = 0 [pid 2664] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2664] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2662] <... close resumed>) = 0 [pid 2664] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2662] close(4 [pid 2664] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2666 attached => {parent_tid=[2666]}, 88) = 2666 [pid 2664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2666] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2666] memfd_create("syzkaller", 0) = 3 [pid 2666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2666] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2666] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2658] <... close resumed>) = 0 [pid 2658] mkdir("./file2", 0777) = 0 [pid 2658] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2650] <... close resumed>) = 0 [pid 2650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] <... futex resumed>) = 0 [pid 2650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2645] <... futex resumed>) = 0 [pid 2650] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2645] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2650] <... openat resumed>) = 4 [pid 2650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] <... futex resumed>) = 0 [pid 2650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2645] <... futex resumed>) = 0 [pid 2650] write(4, "#! \n", 4 [pid 2645] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... write resumed>) = 4 [pid 2645] <... futex resumed>) = 0 [pid 2650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2650] <... futex resumed>) = 0 [pid 2645] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2667]}, 88) = 2667 [pid 2645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2645] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2667 attached [pid 2667] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2667] write(4, "#! \n", 4) = 4 [pid 2667] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = 0 [pid 2645] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... futex resumed>) = 0 [pid 2645] <... futex resumed>) = 1 [pid 2650] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2645] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2650] <... mmap resumed>) = 0x200000000000 [pid 2650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] <... futex resumed>) = 0 [pid 2650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2645] <... futex resumed>) = 0 [pid 2667] <... futex resumed>) = 1 [pid 2667] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2653] <... mount resumed>) = 0 [pid 2653] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2653] chdir("./file2") = 0 [pid 2653] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2667] <... futex resumed>) = ? [pid 2645] <... futex resumed>) = ? [pid 2667] +++ killed by SIGBUS +++ [pid 2650] +++ killed by SIGBUS +++ [pid 2645] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2645, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2658] <... mount resumed>) = 0 [pid 2658] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2658] chdir("./file2") = 0 [pid 2658] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2662] <... close resumed>) = 0 [pid 2666] <... openat resumed>) = 4 [pid 2662] mkdir("./file2", 0777 [pid 2658] <... openat resumed>) = 4 [pid 2653] <... openat resumed>) = 4 [pid 2666] ioctl(4, LOOP_SET_FD, 3 [pid 2662] <... mkdir resumed>) = 0 [pid 2658] ioctl(4, LOOP_CLR_FD [pid 2653] ioctl(4, LOOP_CLR_FD [ 59.355286][ T2650] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2662] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2666] <... ioctl resumed>) = 0 [pid 2658] <... ioctl resumed>) = 0 [pid 2653] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2666] close(3 [pid 2658] close(4 [pid 2653] close(4 [pid 2666] <... close resumed>) = 0 [pid 2658] <... close resumed>) = 0 [pid 2653] <... close resumed>) = 0 [pid 2666] close(4 [pid 2658] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] <... futex resumed>) = 1 [pid 2657] <... futex resumed>) = 0 [pid 2653] <... futex resumed>) = 1 [pid 2652] <... futex resumed>) = 0 [pid 2658] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2657] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2652] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] <... openat resumed>) = 4 [pid 2657] <... futex resumed>) = 0 [pid 2653] <... openat resumed>) = 4 [pid 2652] <... futex resumed>) = 0 [pid 290] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2652] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2658] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2657] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2653] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2658] <... futex resumed>) = 0 [pid 2657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2653] <... futex resumed>) = 1 [pid 2652] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./78/file2", [pid 2652] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] write(4, "#! \n", 4 [pid 2657] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] write(4, "#! \n", 4 [pid 2652] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2652] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2652] <... futex resumed>) = 0 [pid 2658] <... write resumed>) = 4 [pid 2657] <... futex resumed>) = 0 [pid 2653] <... write resumed>) = 4 [pid 2652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2658] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2657] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2652] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2658] <... futex resumed>) = 0 [pid 2657] <... futex resumed>) = 0 [pid 2653] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2652] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2658] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... openat resumed>) = 4 [pid 2657] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2653] <... futex resumed>) = 0 [pid 2652] <... mprotect resumed>) = 0 [pid 2657] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2653] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] <... mprotect resumed>) = 0 [pid 2652] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] newfstatat(4, "", [pid 2657] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2652] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2657] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2657] <... clone3 resumed> => {parent_tid=[2673]}, 88) = 2673 [pid 2657] rt_sigprocmask(SIG_SETMASK, [], [pid 2652] <... clone3 resumed> => {parent_tid=[2674]}, 88) = 2674 [pid 290] getdents64(4, [pid 2657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2652] rt_sigprocmask(SIG_SETMASK, [], [pid 2657] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2657] <... futex resumed>) = 0 [pid 2652] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2657] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2652] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 2652] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4./strace-static-x86_64: Process 2673 attached ) = 0 [pid 290] rmdir("./78/file2" [pid 2673] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2673] write(4, "#! \n", 4) = 4 [pid 290] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2673] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2657] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./78/binderfs", [pid 2657] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] <... futex resumed>) = 0 [pid 2657] <... futex resumed>) = 1 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2658] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2657] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2658] <... mmap resumed>) = 0x200000000000 [pid 290] unlink("./78/binderfs" [pid 2658] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2657] <... futex resumed>) = 0 [pid 2658] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2657] <... futex resumed>) = 0 [pid 290] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 2674 attached [pid 2673] <... futex resumed>) = 1 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./78") = 0 [pid 290] mkdir("./79", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2674] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2674] write(4, "#! \n", 4) = 4 [pid 2674] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2652] <... futex resumed>) = 0 [pid 2674] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2652] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] <... futex resumed>) = 0 [pid 2652] <... futex resumed>) = 1 [pid 2653] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2652] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2653] <... mmap resumed>) = 0x200000000000 [pid 2653] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2652] <... futex resumed>) = 0 [pid 2653] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2652] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2652] <... futex resumed>) = 0 [pid 2652] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2673] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2657] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2662] <... mount resumed>) = 0 [pid 2662] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2662] chdir("./file2") = 0 [pid 2662] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2657] <... futex resumed>) = ? [pid 2673] <... futex resumed>) = ? [pid 2673] +++ killed by SIGBUS +++ [pid 2658] +++ killed by SIGBUS +++ [pid 2657] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2657, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2674] <... futex resumed>) = ? [pid 2652] <... futex resumed>) = ? [pid 2674] +++ killed by SIGBUS +++ [pid 2653] +++ killed by SIGBUS +++ [pid 2652] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2652, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>executing program [pid 2666] <... close resumed>) = 0 [pid 2662] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 2662] ioctl(4, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 2662] <... ioctl resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2662] close(4 [pid 290] close(3 [pid 2662] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2662] <... futex resumed>) = 1 [pid 2662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2677 ./strace-static-x86_64: Process 2677 attached [pid 2677] set_robust_list(0x555594a056a0, 24) = 0 [pid 2677] chdir("./79") = 0 [pid 2677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2677] setpgid(0, 0) = 0 [pid 2677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2677] write(3, "1000", 4) = 4 [pid 2677] close(3) = 0 [pid 2677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2677] write(1, "executing program\n", 18) = 18 [pid 2677] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2677] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2677] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2678]}, 88) = 2678 [pid 2677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2677] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2677] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2666] mkdir("./file2", 0777) = 0 [pid 2661] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2678 attached [pid 2666] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2661] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] <... futex resumed>) = 0 [pid 2661] <... futex resumed>) = 1 [pid 2662] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2661] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2678] set_robust_list(0x7f0aecccf9a0, 24 [pid 2662] <... openat resumed>) = 4 [pid 2662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2678] <... set_robust_list resumed>) = 0 [pid 2678] rt_sigprocmask(SIG_SETMASK, [], [pid 2662] <... futex resumed>) = 1 [pid 2661] <... futex resumed>) = 0 [pid 2678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2661] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] write(4, "#! \n", 4 [pid 2661] <... futex resumed>) = 0 [pid 2678] memfd_create("syzkaller", 0 [pid 2662] <... write resumed>) = 4 [pid 2661] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2661] <... futex resumed>) = 0 [pid 2662] <... futex resumed>) = 0 [pid 2661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2661] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2678] <... memfd_create resumed>) = 3 [pid 2661] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2661] <... mprotect resumed>) = 0 [pid 2678] <... mmap resumed>) = 0x7f0ae48af000 [pid 2661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2679]}, 88) = 2679 [pid 2661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2661] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2679 attached [pid 2679] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 59.459004][ T2658] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 59.470363][ T2653] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2679] write(4, "#! \n", 4) = 4 [pid 2679] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2661] <... futex resumed>) = 0 [pid 2661] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] <... futex resumed>) = 0 [pid 2661] <... futex resumed>) = 1 [pid 2662] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2661] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2662] <... mmap resumed>) = 0x200000000000 [pid 2662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2661] <... futex resumed>) = 0 [pid 2662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2661] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2661] <... futex resumed>) = 0 [pid 2679] <... futex resumed>) = 1 [pid 2678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2679] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2678] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2678] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2661] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2661] <... futex resumed>) = ? [pid 2679] <... futex resumed>) = ? [pid 2679] +++ killed by SIGBUS +++ [pid 2662] +++ killed by SIGBUS +++ [pid 2661] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2661, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2666] <... mount resumed>) = 0 [pid 2666] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2666] chdir("./file2") = 0 [pid 2666] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2678] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 2678] ioctl(4, LOOP_SET_FD, 3 [pid 288] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./76/file2") = 0 [pid 288] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./76/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./76") = 0 [pid 288] mkdir("./77", 0777) = 0 [ 59.509162][ T2662] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2666] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2666] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./81/file2") = 0 [pid 287] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./81/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./81") = 0 [pid 287] mkdir("./82", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2678] <... ioctl resumed>) = 0 [pid 2666] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 2678] close(3 [pid 2666] close(4 [pid 289] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 2678] <... close resumed>) = 0 [pid 2666] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] ioctl(3, LOOP_CLR_FD [pid 2678] close(4 [pid 2666] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./76/file2", [pid 288] close(3 [pid 2678] <... close resumed>) = 0 [pid 2666] <... futex resumed>) = 1 [pid 2664] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2678] mkdir("./file2", 0777 [pid 2666] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2678] <... mkdir resumed>) = 0 [pid 2666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2664] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(3 [pid 2678] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2666] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2683 [pid 289] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./76/file2") = 0 [pid 289] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./76/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./76") = 0 [pid 2666] <... openat resumed>) = 4 [pid 289] mkdir("./77", 0777 [pid 2666] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2666] <... futex resumed>) = 1 [pid 2664] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2666] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 3 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2664] <... futex resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 2666] write(4, "#! \n", 4 [pid 2664] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2664] <... futex resumed>) = 0 [pid 289] close(3 [pid 2664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... close resumed>) = 0 [pid 2664] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2666] <... write resumed>) = 4 [pid 2664] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2666] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2685 [pid 2666] <... futex resumed>) = 0 [pid 2664] <... mprotect resumed>) = 0 [pid 2666] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2664] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 2683 attached [], 8) = 0 [pid 2683] set_robust_list(0x555594a056a0, 24 [pid 2664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2683] <... set_robust_list resumed>) = 0 [pid 2683] chdir("./77") = 0 [pid 2664] <... clone3 resumed> => {parent_tid=[2686]}, 88) = 2686 [pid 2683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2664] rt_sigprocmask(SIG_SETMASK, [], [pid 2683] <... prctl resumed>) = 0 [pid 2664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2684 [pid 2664] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2683] setpgid(0, 0 [pid 2664] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2684 attached [pid 2684] set_robust_list(0x555594a056a0, 24) = 0 [pid 2684] chdir("./82") = 0 [pid 2684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2684] setpgid(0, 0) = 0 [pid 2684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2684] write(3, "1000", 4) = 4 [pid 2684] close(3) = 0 [pid 2684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2684] write(1, "executing program\n", 18executing program ) = 18 [pid 2684] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2684] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2684] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 2686 attached [pid 2683] <... setpgid resumed>) = 0 [pid 2684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2688]}, 88) = 2688 [pid 2684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2684] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2688 attached [pid 2688] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2688] rt_sigprocmask(SIG_SETMASK, [], [pid 2683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2688] memfd_create("syzkaller", 0) = 3 [pid 2688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2683] <... openat resumed>) = 3 [pid 2686] set_robust_list(0x7f0aeccae9a0, 24 [pid 2683] write(3, "1000", 4 [pid 2686] <... set_robust_list resumed>) = 0 [pid 2683] <... write resumed>) = 4 [pid 2683] close(3 [pid 2686] rt_sigprocmask(SIG_SETMASK, [], [pid 2683] <... close resumed>) = 0 [pid 2686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2686] write(4, "#! \n", 4 [pid 2683] write(1, "executing program\n", 18 [pid 2688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program [pid 2683] <... write resumed>) = 18 [pid 2683] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2686] <... write resumed>) = 4 [pid 2683] <... futex resumed>) = 0 [pid 2686] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2683] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2683] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2688] <... write resumed>) = 524288 [pid 2688] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2688] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2685 attached [pid 2685] set_robust_list(0x555594a056a0, 24) = 0 [pid 2685] chdir("./77" [pid 2683] <... mprotect resumed>) = 0 [pid 2685] <... chdir resumed>) = 0 [pid 2685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2685] setpgid(0, 0) = 0 [pid 2685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2685] <... openat resumed>) = 3 [pid 2685] write(3, "1000", 4) = 4 [pid 2685] close(3) = 0 [pid 2685] symlink("/dev/binderfs", "./binderfs" [pid 2683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2686] <... futex resumed>) = 1 [pid 2664] <... futex resumed>) = 0 [pid 2664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2666] <... futex resumed>) = 0 [pid 2664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2666] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2685] <... symlink resumed>) = 0 [pid 2666] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] write(1, "executing program\n", 18 [pid 2666] <... futex resumed>) = 1 [pid 2664] <... futex resumed>) = 0 executing program [pid 2666] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2664] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] <... write resumed>) = 18 [pid 2666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2664] <... futex resumed>) = 0 [pid 2685] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2685] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2690]}, 88) = 2690 [pid 2685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2690 attached [pid 2690] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2690] memfd_create("syzkaller", 0) = 3 [pid 2690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2690] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2690] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2688] <... ioctl resumed>) = 0 [pid 2688] close(3) = 0 [pid 2688] close(4 [pid 2683] <... clone3 resumed> => {parent_tid=[2691]}, 88) = 2691 [pid 2683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2683] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2683] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2691 attached [pid 2691] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2691] memfd_create("syzkaller", 0) = 3 [pid 2691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2691] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2691] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2691] ioctl(4, LOOP_SET_FD, 3 [pid 2686] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2664] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2678] <... mount resumed>) = 0 [pid 2678] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2678] chdir("./file2") = 0 [pid 2678] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2691] <... ioctl resumed>) = 0 [pid 2678] <... openat resumed>) = 4 [pid 2666] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2678] ioctl(4, LOOP_CLR_FD) = 0 [pid 2678] close(4) = 0 [pid 2678] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2678] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2690] <... openat resumed>) = 4 [pid 2690] ioctl(4, LOOP_SET_FD, 3 [pid 2691] close(3) = 0 [pid 2690] <... ioctl resumed>) = 0 [pid 2688] <... close resumed>) = 0 [pid 2686] <... futex resumed>) = ? [pid 2677] <... futex resumed>) = 0 [pid 2664] <... futex resumed>) = ? [pid 2688] mkdir("./file2", 0777 [pid 2691] close(4 [pid 2690] close(3 [pid 2688] <... mkdir resumed>) = 0 [pid 2686] +++ killed by SIGBUS +++ [pid 2677] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] <... close resumed>) = 0 [pid 2690] close(4 [pid 2688] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2678] <... futex resumed>) = 0 [pid 2677] <... futex resumed>) = 1 [pid 2666] +++ killed by SIGBUS +++ [pid 2664] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2664, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2678] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2677] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 2678] <... openat resumed>) = 4 [pid 291] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2678] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", [pid 2678] <... futex resumed>) = 1 [pid 2677] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, [pid 2678] write(4, "#! \n", 4 [pid 2677] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2678] <... write resumed>) = 4 [pid 2677] <... futex resumed>) = 0 [pid 2678] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2677] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2678] <... futex resumed>) = 0 [pid 2677] <... futex resumed>) = 0 [pid 2678] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2677] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 291] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2695]}, 88) = 2695 [pid 2677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2677] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2677] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2695 attached [pid 2695] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2695] write(4, "#! \n", 4) = 4 [pid 2695] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2677] <... futex resumed>) = 0 [pid 2677] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2678] <... futex resumed>) = 0 [pid 2677] <... futex resumed>) = 1 [pid 2678] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2677] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2678] <... mmap resumed>) = 0x200000000000 [pid 2678] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2677] <... futex resumed>) = 0 [pid 2677] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2677] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2695] <... futex resumed>) = 1 [pid 2695] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2678] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2695] <... futex resumed>) = ? [pid 2677] <... futex resumed>) = ? [pid 2695] +++ killed by SIGBUS +++ [pid 2678] +++ killed by SIGBUS +++ [pid 2677] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2677, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2691] <... close resumed>) = 0 [pid 2691] mkdir("./file2", 0777) = 0 [pid 2691] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2688] <... mount resumed>) = 0 [pid 2688] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2688] chdir("./file2") = 0 [pid 2688] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2690] <... close resumed>) = 0 [pid 2690] mkdir("./file2", 0777) = 0 [ 59.701150][ T2666] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 59.726830][ T2678] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2690] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2688] <... openat resumed>) = 4 [pid 2688] ioctl(4, LOOP_CLR_FD) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2688] close(4 [pid 291] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2688] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2688] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./78/file2", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2688] <... futex resumed>) = 1 [pid 2684] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] newfstatat(AT_FDCWD, "./79/file2", [pid 2688] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2684] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2688] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2684] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2688] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 4 [pid 290] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2688] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 290] <... openat resumed>) = 4 [pid 2688] <... futex resumed>) = 1 [pid 2684] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] newfstatat(4, "", [pid 2688] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2684] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 2688] write(4, "#! \n", 4 [pid 2684] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2688] <... write resumed>) = 4 [pid 2684] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] getdents64(4, [pid 2688] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] close(4 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2688] <... futex resumed>) = 0 [pid 2684] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... close resumed>) = 0 [pid 290] close(4 [pid 2688] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] rmdir("./78/file2" [pid 290] <... close resumed>) = 0 [pid 2684] <... mprotect resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] rmdir("./79/file2" [pid 2684] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... rmdir resumed>) = 0 [pid 2684] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] newfstatat(AT_FDCWD, "./78/binderfs", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] newfstatat(AT_FDCWD, "./79/binderfs", [pid 2684] <... clone3 resumed> => {parent_tid=[2698]}, 88) = 2698 [pid 291] unlink("./78/binderfs" [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2684] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... unlink resumed>) = 0 [pid 290] unlink("./79/binderfs" [pid 2684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] getdents64(3, [pid 290] <... unlink resumed>) = 0 [pid 2684] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] getdents64(3, [pid 2684] <... futex resumed>) = 0 [pid 291] close(3 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2684] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 291] rmdir("./78" [pid 290] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] rmdir("./79" [pid 291] mkdir("./79", 0777 [pid 290] <... rmdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] mkdir("./80", 0777 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... mkdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... openat resumed>) = 3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] ioctl(3, LOOP_CLR_FD [pid 291] close(3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... close resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2701 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2702 ./strace-static-x86_64: Process 2698 attached [pid 2698] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2698] write(4, "#! \n", 4) = 4 [pid 2698] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2688] <... futex resumed>) = 0 [pid 2684] <... futex resumed>) = 1 [pid 2688] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2684] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2688] <... mmap resumed>) = 0x200000000000 [pid 2688] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] <... futex resumed>) = 0 [pid 2688] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2698] <... futex resumed>) = 1 [pid 2698] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2702 attached [pid 2702] set_robust_list(0x555594a056a0, 24) = 0 [pid 2702] chdir("./80") = 0 [pid 2702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2702] setpgid(0, 0) = 0 [pid 2702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2702] write(3, "1000", 4) = 4 [pid 2702] close(3) = 0 [pid 2702] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2702] write(1, "executing program\n", 18) = 18 [pid 2702] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2702] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2702] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2704]}, 88) = 2704 [pid 2702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2702] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2702] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2688] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2698] <... futex resumed>) = ? [pid 2684] <... futex resumed>) = ? [pid 2698] +++ killed by SIGBUS +++ [pid 2688] +++ killed by SIGBUS +++ [pid 2684] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2684, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 2701 attached [pid 2691] <... mount resumed>) = 0 [pid 2691] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2691] chdir("./file2") = 0 [pid 2691] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2691] ioctl(4, LOOP_CLR_FD) = 0 [pid 2691] close(4) = 0 [pid 2691] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2683] <... futex resumed>) = 0 [pid 2691] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2683] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2683] <... futex resumed>) = 1 [pid 2691] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2683] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2691] <... openat resumed>) = 4 [pid 2691] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2683] <... futex resumed>) = 0 [pid 2691] write(4, "#! \n", 4 [pid 2683] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] <... mount resumed>) = 0 [pid 2683] <... futex resumed>) = 0 [pid 2691] <... write resumed>) = 4 [pid 2683] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2683] <... futex resumed>) = 0 [pid 2691] <... futex resumed>) = 0 [pid 2690] <... openat resumed>) = 3 [pid 2683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2691] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2690] chdir("./file2" [pid 2683] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] <... restart_syscall resumed>) = 0 [pid 2690] <... chdir resumed>) = 0 [pid 2683] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2690] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2683] <... mprotect resumed>) = 0 [pid 2690] ioctl(4, LOOP_CLR_FD [pid 2683] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2690] <... ioctl resumed>) = 0 [pid 2683] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2690] close(4 [pid 2683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2690] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 2690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2683] <... clone3 resumed> => {parent_tid=[2706]}, 88) = 2706 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2690] <... futex resumed>) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2683] rt_sigprocmask(SIG_SETMASK, [], [pid 287] getdents64(3, [pid 2690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2701] set_robust_list(0x555594a056a0, 24 [pid 2690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2685] <... futex resumed>) = 0 [pid 2683] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2690] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2683] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2704 attached [pid 2701] <... set_robust_list resumed>) = 0 [pid 2704] set_robust_list(0x7f0aecccf9a0, 24 [pid 2701] chdir("./79" [pid 2690] <... openat resumed>) = 4 [pid 2683] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] <... set_robust_list resumed>) = 0 [pid 2701] <... chdir resumed>) = 0 [pid 2690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2701] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2690] <... futex resumed>) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2685] <... futex resumed>) = 0 [pid 2690] write(4, "#! \n", 4 [pid 2685] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] <... write resumed>) = 4 [pid 2685] <... futex resumed>) = 0 [pid 2690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2690] <... futex resumed>) = 0 [pid 2685] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2704] rt_sigprocmask(SIG_SETMASK, [], [pid 2701] <... prctl resumed>) = 0 [pid 2685] <... mprotect resumed>) = 0 [pid 2685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2707]}, 88) = 2707 [pid 2704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2701] setpgid(0, 0 [pid 2685] rt_sigprocmask(SIG_SETMASK, [], [pid 2701] <... setpgid resumed>) = 0 [pid 2685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2685] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2685] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] memfd_create("syzkaller", 0 [pid 2701] <... openat resumed>) = 3 ./strace-static-x86_64: Process 2706 attached [pid 2706] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2701] write(3, "1000", 4 [pid 2704] <... memfd_create resumed>) = 3 [pid 2701] <... write resumed>) = 4 [pid 2706] write(4, "#! \n", 4 [pid 2704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2701] close(3) = 0 [pid 2704] <... mmap resumed>) = 0x7f0ae48af000 [pid 2701] symlink("/dev/binderfs", "./binderfs" [pid 2706] <... write resumed>) = 4 [pid 2706] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2683] <... futex resumed>) = 0 [pid 2701] <... symlink resumed>) = 0 [pid 2683] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = 0 [pid 2683] <... futex resumed>) = 1 [pid 2691] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2683] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2691] <... mmap resumed>) = 0x200000000000 [pid 2691] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2683] <... futex resumed>) = 0 [pid 2691] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2683] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 2683] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2707 attached [pid 2706] <... futex resumed>) = 1 [pid 2704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2701] write(1, "executing program\n", 18) = 18 [pid 2701] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2701] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2701] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2704] <... write resumed>) = 524288 [pid 2701] <... mprotect resumed>) = 0 [pid 2701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2708]}, 88) = 2708 [pid 2701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2701] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2701] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2707] set_robust_list(0x7f0aeccae9a0, 24 [pid 2706] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2707] <... set_robust_list resumed>) = 0 [pid 2707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2707] write(4, "#! \n", 4) = 4 [pid 2707] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2707] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2704] munmap(0x7f0ae48af000, 138412032) = 0 [ 59.852940][ T2688] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2704] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2683] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2708 attached [pid 2708] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2708] memfd_create("syzkaller", 0) = 3 [pid 2708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2685] <... futex resumed>) = 0 [pid 2685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2691] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2706] <... futex resumed>) = ? [pid 2683] <... futex resumed>) = ? [pid 2706] +++ killed by SIGBUS +++ [pid 2690] <... futex resumed>) = 0 [pid 2690] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2691] +++ killed by SIGBUS +++ [pid 2683] +++ killed by SIGBUS +++ [pid 287] <... umount2 resumed>) = 0 [pid 2690] <... mmap resumed>) = 0x200000000000 [pid 2690] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2683, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2690] <... futex resumed>) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2690] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2685] <... futex resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./82/file2", [pid 2704] <... openat resumed>) = 4 [pid 2704] ioctl(4, LOOP_SET_FD, 3 [pid 2708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2708] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2708] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./82/file2") = 0 [pid 287] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./82/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./82") = 0 [pid 287] mkdir("./83", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2704] <... ioctl resumed>) = 0 [pid 2704] close(3) = 0 [pid 2704] close(4 [pid 2690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2707] <... futex resumed>) = ? [pid 2685] <... futex resumed>) = ? [pid 2707] +++ killed by SIGBUS +++ [pid 288] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2690] +++ killed by SIGBUS +++ [pid 2685] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2685, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2704] <... close resumed>) = 0 [pid 2704] mkdir("./file2", 0777) = 0 [ 59.890351][ T2691] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 59.908659][ T2690] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2704] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2708] <... openat resumed>) = 4 [pid 2708] ioctl(4, LOOP_SET_FD, 3 [pid 2704] <... mount resumed>) = 0 [pid 2704] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2704] chdir("./file2") = 0 [pid 2704] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 2708] <... ioctl resumed>) = 0 [pid 2704] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 2704] ioctl(4, LOOP_CLR_FD) = 0 [pid 2704] close(4) = 0 [pid 2704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2702] <... futex resumed>) = 0 [pid 2702] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2702] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 288] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 289] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./77/file2", [pid 2704] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./77/file2", [pid 288] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2713 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... openat resumed>) = 4 [pid 289] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(4, "", [pid 289] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] newfstatat(4, "", [pid 288] getdents64(4, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2708] close(3 [pid 2704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2708] <... close resumed>) = 0 [pid 2704] <... futex resumed>) = 1 [pid 2702] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 2708] close(4 [pid 2704] write(4, "#! \n", 4 [pid 2702] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2704] <... write resumed>) = 4 [pid 2702] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 2704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2702] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(4 [pid 2704] <... futex resumed>) = 0 [pid 2702] <... futex resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./77/file2"./strace-static-x86_64: Process 2713 attached [pid 2702] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] rmdir("./77/file2" [pid 2702] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 2713] set_robust_list(0x555594a056a0, 24 [pid 2702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... rmdir resumed>) = 0 [pid 288] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./77/binderfs", [pid 289] newfstatat(AT_FDCWD, "./77/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2702] <... clone3 resumed> => {parent_tid=[2714]}, 88) = 2714 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./77/binderfs" [pid 2702] rt_sigprocmask(SIG_SETMASK, [], [pid 289] unlink("./77/binderfs" [pid 288] <... unlink resumed>) = 0 [pid 2702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 2702] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2702] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 2702] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./77"./strace-static-x86_64: Process 2714 attached [pid 2713] <... set_robust_list resumed>) = 0 [pid 289] rmdir("./77" [pid 288] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] mkdir("./78", 0777 [pid 2714] set_robust_list(0x7f0aeccae9a0, 24 [pid 2713] chdir("./83" [pid 289] mkdir("./78", 0777) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 2713] <... chdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2714] <... set_robust_list resumed>) = 0 [pid 2714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2714] write(4, "#! \n", 4) = 4 [pid 2714] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2702] <... futex resumed>) = 0 [pid 2702] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2704] <... futex resumed>) = 0 [pid 2702] <... futex resumed>) = 1 [pid 2704] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2702] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2704] <... mmap resumed>) = 0x200000000000 [pid 2704] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2702] <... futex resumed>) = 0 [pid 2704] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2702] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2702] <... futex resumed>) = 0 [pid 2714] <... futex resumed>) = 1 [pid 2713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2713] setpgid(0, 0) = 0 [pid 2713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2714] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] write(3, "1000", 4) = 4 [pid 2713] close(3) = 0 [pid 2713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2713] write(1, "executing program\n", 18executing program ) = 18 [pid 2713] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2713] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2713] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2715]}, 88) = 2715 [pid 2713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2713] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2713] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2702] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2715 attached [pid 2715] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2715] memfd_create("syzkaller", 0) = 3 [pid 2715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2715] munmap(0x7f0ae48af000, 138412032 [pid 2704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2714] <... futex resumed>) = ? [pid 2702] <... futex resumed>) = ? [pid 2715] <... munmap resumed>) = 0 [pid 2714] +++ killed by SIGBUS +++ [pid 2715] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2708] <... close resumed>) = 0 [pid 2704] +++ killed by SIGBUS +++ [pid 2702] +++ killed by SIGBUS +++ [pid 2708] mkdir("./file2", 0777 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2702, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2708] <... mkdir resumed>) = 0 [pid 2708] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 2715] <... openat resumed>) = 4 [pid 2715] ioctl(4, LOOP_SET_FD, 3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 288] close(3 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2716 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2717 ./strace-static-x86_64: Process 2717 attached ./strace-static-x86_64: Process 2716 attached [pid 2716] set_robust_list(0x555594a056a0, 24 [pid 2717] set_robust_list(0x555594a056a0, 24 [pid 2716] <... set_robust_list resumed>) = 0 [pid 2717] <... set_robust_list resumed>) = 0 [pid 2716] chdir("./78" [pid 2717] chdir("./78" [pid 2716] <... chdir resumed>) = 0 [pid 2717] <... chdir resumed>) = 0 [pid 2717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2717] setpgid(0, 0 [pid 2716] <... prctl resumed>) = 0 [pid 2716] setpgid(0, 0 [pid 2717] <... setpgid resumed>) = 0 [pid 2716] <... setpgid resumed>) = 0 [pid 2717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2717] <... openat resumed>) = 3 [pid 2716] <... openat resumed>) = 3 [pid 2716] write(3, "1000", 4) = 4 [pid 2717] write(3, "1000", 4) = 4 [pid 2716] close(3) = 0 [pid 2717] close(3) = 0 [pid 2717] symlink("/dev/binderfs", "./binderfs" [pid 2716] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 2717] <... symlink resumed>) = 0 [pid 2716] <... symlink resumed>) = 0 [pid 2715] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2716] write(1, "executing program\n", 18) = 18 [pid 2716] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] write(1, "executing program\n", 18) = 18 [pid 290] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2717] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2716] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2715] close(3 [pid 290] newfstatat(AT_FDCWD, "./80/file2", [pid 2717] <... futex resumed>) = 0 [pid 2716] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2715] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2717] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2716] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2715] close(4 [pid 290] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2717] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 290] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... openat resumed>) = 4 [pid 2717] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2716] <... mmap resumed>) = 0x7f0aeccaf000 [pid 290] newfstatat(4, "", [pid 2717] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2716] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2717] <... mprotect resumed>) = 0 [pid 2716] <... mprotect resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] getdents64(4, [pid 2717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2717] <... clone3 resumed> => {parent_tid=[2720]}, 88) = 2720 [pid 2716] <... clone3 resumed> => {parent_tid=[2719]}, 88) = 2719 [pid 290] close(4 [pid 2717] rt_sigprocmask(SIG_SETMASK, [], [pid 2716] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... close resumed>) = 0 [pid 2717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] rmdir("./80/file2" [pid 2717] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] <... futex resumed>) = 0 [pid 2716] <... futex resumed>) = 0 [pid 2717] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2719 attached [pid 2719] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 2719] rt_sigprocmask(SIG_SETMASK, [], [pid 290] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./80/binderfs" [pid 2719] memfd_create("syzkaller", 0) = 3 [pid 290] <... unlink resumed>) = 0 [pid 2719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2719] <... mmap resumed>) = 0x7f0ae48af000 [pid 290] close(3) = 0 [pid 290] rmdir("./80") = 0 [pid 290] mkdir("./81", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 2720 attached [pid 2720] set_robust_list(0x7f0aecccf9a0, 24 [pid 2719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2708] <... mount resumed>) = 0 [pid 2720] <... set_robust_list resumed>) = 0 [pid 2708] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2720] rt_sigprocmask(SIG_SETMASK, [], [pid 2708] chdir("./file2" [pid 2720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2708] <... chdir resumed>) = 0 [pid 2708] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2720] memfd_create("syzkaller", 0) = 3 [pid 2720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2719] <... write resumed>) = 524288 [pid 2719] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2720] <... mmap resumed>) = 0x7f0ae48af000 [pid 2719] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2720] munmap(0x7f0ae48af000, 138412032) = 0 [ 60.032036][ T2704] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2720] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2723 [pid 2719] <... openat resumed>) = 4 [pid 2719] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2723 attached [pid 2723] set_robust_list(0x555594a056a0, 24 [pid 2719] <... ioctl resumed>) = 0 [pid 2719] close(3) = 0 [pid 2719] close(4 [pid 2723] <... set_robust_list resumed>) = 0 [pid 2723] chdir("./81") = 0 [pid 2723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2723] setpgid(0, 0) = 0 [pid 2723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2723] write(3, "1000", 4) = 4 [pid 2723] close(3) = 0 [pid 2723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2723] write(1, "executing program\n", 18executing program ) = 18 [pid 2723] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2723] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2725]}, 88) = 2725 [pid 2723] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 2725 attached [pid 2725] set_robust_list(0x7f0aecccf9a0, 24 [pid 2723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2725] <... set_robust_list resumed>) = 0 [pid 2725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2725] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2725] <... futex resumed>) = 0 [pid 2723] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2725] memfd_create("syzkaller", 0) = 3 [pid 2725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2725] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2725] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2715] <... close resumed>) = 0 [pid 2720] <... openat resumed>) = 4 [pid 2715] mkdir("./file2", 0777 [pid 2708] <... openat resumed>) = 4 [pid 2720] ioctl(4, LOOP_SET_FD, 3 [pid 2708] ioctl(4, LOOP_CLR_FD [pid 2715] <... mkdir resumed>) = 0 [pid 2715] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2719] <... close resumed>) = 0 [pid 2719] mkdir("./file2", 0777) = 0 [pid 2719] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2725] <... openat resumed>) = 4 [pid 2725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2725] close(3) = 0 [pid 2725] close(4 [pid 2719] <... mount resumed>) = 0 [pid 2719] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2719] chdir("./file2") = 0 [pid 2719] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2725] <... close resumed>) = 0 [pid 2708] <... ioctl resumed>) = 0 [pid 2708] close(4 [pid 2725] mkdir("./file2", 0777 [pid 2720] <... ioctl resumed>) = 0 [pid 2725] <... mkdir resumed>) = 0 [pid 2720] close(3 [pid 2719] <... openat resumed>) = 4 [pid 2725] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2720] <... close resumed>) = 0 [pid 2720] close(4 [pid 2719] ioctl(4, LOOP_CLR_FD [pid 2715] <... mount resumed>) = 0 [pid 2715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2725] <... mount resumed>) = 0 [pid 2715] <... openat resumed>) = 3 [pid 2715] chdir("./file2") = 0 [pid 2715] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2725] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2725] chdir("./file2") = 0 [pid 2725] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2720] <... close resumed>) = 0 [pid 2719] <... ioctl resumed>) = 0 [pid 2715] <... openat resumed>) = 4 [pid 2708] <... close resumed>) = 0 [pid 2708] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2708] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2725] ioctl(4, LOOP_CLR_FD [pid 2720] mkdir("./file2", 0777 [pid 2719] close(4 [pid 2715] ioctl(4, LOOP_CLR_FD [pid 2701] <... futex resumed>) = 0 [pid 2725] <... ioctl resumed>) = 0 [pid 2720] <... mkdir resumed>) = 0 [pid 2719] <... close resumed>) = 0 [pid 2715] <... ioctl resumed>) = 0 [pid 2701] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] close(4 [pid 2720] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] close(4 [pid 2708] <... futex resumed>) = 0 [pid 2701] <... futex resumed>) = 1 [pid 2725] <... close resumed>) = 0 [pid 2719] <... futex resumed>) = 1 [pid 2716] <... futex resumed>) = 0 [pid 2715] <... close resumed>) = 0 [pid 2708] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2701] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] <... openat resumed>) = 4 [pid 2725] <... futex resumed>) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2716] <... futex resumed>) = 0 [pid 2715] <... futex resumed>) = 1 [pid 2713] <... futex resumed>) = 0 [pid 2708] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] <... futex resumed>) = 1 [pid 2701] <... futex resumed>) = 0 [pid 2725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2723] <... futex resumed>) = 0 [pid 2719] <... openat resumed>) = 4 [pid 2715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2713] <... futex resumed>) = 0 [pid 2708] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2701] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2723] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2713] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2701] <... futex resumed>) = 0 [pid 2725] <... openat resumed>) = 4 [pid 2719] <... futex resumed>) = 1 [pid 2716] <... futex resumed>) = 0 [pid 2715] <... openat resumed>) = 4 [pid 2708] write(4, "#! \n", 4 [pid 2701] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] <... write resumed>) = 4 [pid 2701] <... futex resumed>) = 0 [pid 2725] <... futex resumed>) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2716] <... futex resumed>) = 0 [pid 2715] <... futex resumed>) = 1 [pid 2713] <... futex resumed>) = 0 [pid 2708] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2725] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] write(4, "#! \n", 4 [pid 2716] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] <... futex resumed>) = 0 [pid 2701] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2723] <... futex resumed>) = 0 [pid 2716] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 0 [pid 2723] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] <... write resumed>) = 4 [pid 2716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2713] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2701] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2723] <... futex resumed>) = 0 [pid 2720] <... mount resumed>) = 0 [pid 2716] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2713] <... futex resumed>) = 0 [pid 2701] <... mprotect resumed>) = 0 [pid 2725] write(4, "#! \n", 4 [pid 2719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2716] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2719] <... futex resumed>) = 0 [pid 2701] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2725] <... write resumed>) = 4 [pid 2723] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2720] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2716] <... mprotect resumed>) = 0 [pid 2715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2713] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2701] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2725] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2723] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2720] <... openat resumed>) = 3 [pid 2716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2715] write(4, "#! \n", 4 [pid 2713] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2725] <... futex resumed>) = 0 [pid 2723] <... mprotect resumed>) = 0 [pid 2720] chdir("./file2" [pid 2716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2713] <... mprotect resumed>) = 0 [pid 2725] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2715] <... write resumed>) = 4 [pid 2713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2720] <... chdir resumed>) = 0 [pid 2723] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2720] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2701] <... clone3 resumed> => {parent_tid=[2737]}, 88) = 2737 [pid 2716] <... clone3 resumed> => {parent_tid=[2738]}, 88) = 2738 [pid 2715] <... futex resumed>) = 0 [pid 2713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2701] rt_sigprocmask(SIG_SETMASK, [], [pid 2723] <... clone3 resumed> => {parent_tid=[2739]}, 88) = 2739 [pid 2720] <... openat resumed>) = 4 [pid 2716] rt_sigprocmask(SIG_SETMASK, [], [pid 2723] rt_sigprocmask(SIG_SETMASK, [], [pid 2716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2720] ioctl(4, LOOP_CLR_FD [pid 2716] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] <... clone3 resumed> => {parent_tid=[2740]}, 88) = 2740 [pid 2701] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2723] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2716] <... futex resumed>) = 0 [pid 2713] rt_sigprocmask(SIG_SETMASK, [], [pid 2701] <... futex resumed>) = 0 [pid 2723] <... futex resumed>) = 0 [pid 2716] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2701] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2723] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2713] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2720] <... ioctl resumed>) = 0 [pid 2713] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2740 attached ./strace-static-x86_64: Process 2739 attached ./strace-static-x86_64: Process 2738 attached ./strace-static-x86_64: Process 2737 attached [pid 2720] close(4 [pid 2713] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2740] set_robust_list(0x7f0aeccae9a0, 24 [pid 2739] set_robust_list(0x7f0aeccae9a0, 24 [pid 2738] set_robust_list(0x7f0aeccae9a0, 24 [pid 2737] set_robust_list(0x7f0aeccae9a0, 24 [pid 2720] <... close resumed>) = 0 [pid 2740] <... set_robust_list resumed>) = 0 [pid 2739] <... set_robust_list resumed>) = 0 [pid 2738] <... set_robust_list resumed>) = 0 [pid 2737] <... set_robust_list resumed>) = 0 [pid 2720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2740] rt_sigprocmask(SIG_SETMASK, [], [pid 2739] rt_sigprocmask(SIG_SETMASK, [], [pid 2738] rt_sigprocmask(SIG_SETMASK, [], [pid 2737] rt_sigprocmask(SIG_SETMASK, [], [pid 2720] <... futex resumed>) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2740] write(4, "#! \n", 4 [pid 2739] write(4, "#! \n", 4 [pid 2738] write(4, "#! \n", 4 [pid 2737] write(4, "#! \n", 4 [pid 2720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2717] <... futex resumed>) = 0 [pid 2740] <... write resumed>) = 4 [pid 2739] <... write resumed>) = 4 [pid 2738] <... write resumed>) = 4 [pid 2737] <... write resumed>) = 4 [pid 2720] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2717] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2740] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2739] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2738] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2737] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2720] <... openat resumed>) = 4 [pid 2740] <... futex resumed>) = 1 [pid 2739] <... futex resumed>) = 1 [pid 2738] <... futex resumed>) = 1 [pid 2737] <... futex resumed>) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2716] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 0 [pid 2701] <... futex resumed>) = 0 [pid 2740] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2739] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2738] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2720] <... futex resumed>) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2701] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] <... futex resumed>) = 0 [pid 2723] <... futex resumed>) = 1 [pid 2720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2719] <... futex resumed>) = 0 [pid 2717] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2716] <... futex resumed>) = 1 [pid 2715] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 1 [pid 2708] <... futex resumed>) = 0 [pid 2701] <... futex resumed>) = 1 [pid 2725] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2723] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2719] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2717] <... futex resumed>) = 0 [pid 2716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2715] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2713] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2701] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] <... mmap resumed>) = 0x200000000000 [pid 2720] write(4, "#! \n", 4 [pid 2719] <... mmap resumed>) = 0x200000000000 [pid 2717] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] <... mmap resumed>) = 0x200000000000 [pid 2708] <... mmap resumed>) = 0x200000000000 [pid 2725] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2720] <... write resumed>) = 4 [pid 2719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2717] <... futex resumed>) = 0 [pid 2715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] <... futex resumed>) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2719] <... futex resumed>) = 1 [pid 2717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2716] <... futex resumed>) = 0 [pid 2715] <... futex resumed>) = 1 [pid 2713] <... futex resumed>) = 0 [pid 2708] <... futex resumed>) = 1 [pid 2701] <... futex resumed>) = 0 [pid 2725] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2720] <... futex resumed>) = 0 [pid 2719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2701] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2723] <... futex resumed>) = 0 [pid 2720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2717] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2716] <... futex resumed>) = 0 [pid 2715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2713] <... futex resumed>) = 0 [pid 2708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2701] <... futex resumed>) = 0 [pid 2723] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2717] <... mprotect resumed>) = 0 [pid 2717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2741]}, 88) = 2741 [pid 2717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2717] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2717] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2741 attached [pid 2739] <... futex resumed>) = ? [pid 2723] <... futex resumed>) = ? [pid 2719] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2713] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2701] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2741] set_robust_list(0x7f0aeccae9a0, 24 [pid 2739] +++ killed by SIGBUS +++ [pid 2741] <... set_robust_list resumed>) = 0 [pid 2725] +++ killed by SIGBUS +++ [pid 2723] +++ killed by SIGBUS +++ [pid 2741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2723, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2741] write(4, "#! \n", 4 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2741] <... write resumed>) = 4 [pid 2741] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2741] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2717] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2716] <... futex resumed>) = ? [pid 2713] <... futex resumed>) = ? [pid 2740] <... futex resumed>) = ? [ 60.316737][ T2725] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 60.332424][ T2719] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 60.340361][ T2715] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2715] +++ killed by SIGBUS +++ [pid 2740] +++ killed by SIGBUS +++ [pid 2713] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2713, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2720] <... futex resumed>) = 0 [pid 2720] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2738] <... futex resumed>) = ? [pid 2717] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2737] <... futex resumed>) = ? [pid 2701] <... futex resumed>) = ? [pid 2738] +++ killed by SIGBUS +++ [pid 2719] +++ killed by SIGBUS +++ [pid 2716] +++ killed by SIGBUS +++ [pid 2737] +++ killed by SIGBUS +++ [pid 2708] +++ killed by SIGBUS +++ [pid 2701] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2701, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2717] <... futex resumed>) = 0 [pid 2717] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2716, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... restart_syscall resumed>) = 0 [pid 2720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2741] <... futex resumed>) = ? [pid 2717] <... futex resumed>) = ? [pid 287] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2741] +++ killed by SIGBUS +++ [pid 2720] +++ killed by SIGBUS +++ [pid 2717] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2717, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./78/file2") = 0 [pid 289] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./78/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./78") = 0 [pid 289] mkdir("./79", 0777) = 0 [ 60.347128][ T2708] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 60.369893][ T2720] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./81/file2") = 0 [pid 290] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./81/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./81" [pid 291] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... rmdir resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... umount2 resumed>) = 0 [pid 287] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] mkdir("./82", 0777 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./79/file2", [pid 290] <... mkdir resumed>) = 0 [pid 289] close(3executing program [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2742 ./strace-static-x86_64: Process 2742 attached [pid 2742] set_robust_list(0x555594a056a0, 24) = 0 [pid 2742] chdir("./82") = 0 [pid 2742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2742] setpgid(0, 0) = 0 [pid 2742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2742] write(3, "1000", 4) = 4 [pid 2742] close(3) = 0 [pid 2742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2742] write(1, "executing program\n", 18) = 18 [pid 2742] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2742] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2743]}, 88) = 2743 [pid 2742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2743 attached [pid 2743] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2743] memfd_create("syzkaller", 0) = 3 [pid 2743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2743] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2743] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2743] close(3) = 0 [pid 2743] close(4 [pid 287] newfstatat(AT_FDCWD, "./83/file2", [pid 291] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(AT_FDCWD, "./78/file2", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... openat resumed>) = 4 [pid 288] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(4, "", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] getdents64(4, [pid 288] <... openat resumed>) = 4 [pid 287] newfstatat(4, "", [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] newfstatat(4, "", [pid 291] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 291] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 291] rmdir("./79/file2" [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... rmdir resumed>) = 0 [pid 288] close(4 [pid 291] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] rmdir("./78/file2" [pid 291] newfstatat(AT_FDCWD, "./79/binderfs", [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 288] <... rmdir resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] unlink("./79/binderfs" [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... unlink resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./78/binderfs", [pid 287] <... close resumed>) = 0 [pid 291] getdents64(3, [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] unlink("./78/binderfs" [pid 291] close(3 [pid 287] rmdir("./83/file2" [pid 291] <... close resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 291] rmdir("./79" [pid 287] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./83/binderfs", [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./80", 0777 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] unlink("./83/binderfs" [pid 288] close(3 [pid 287] <... unlink resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... close resumed>) = 0 [pid 287] getdents64(3, [pid 288] rmdir("./78" [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./83" [pid 288] <... rmdir resumed>) = 0 [pid 288] mkdir("./79", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./84", 0777 [pid 288] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2743] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 289] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 2743] mkdir("./file2", 0777 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2743] <... mkdir resumed>) = 0 [pid 2743] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2745 ./strace-static-x86_64: Process 2745 attached [pid 2745] set_robust_list(0x555594a056a0, 24) = 0 [pid 2745] chdir("./79") = 0 [pid 2745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2745] setpgid(0, 0) = 0 [pid 2745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2745] write(3, "1000", 4) = 4 [pid 2745] close(3) = 0 [pid 2745] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2745] write(1, "executing program\n", 18) = 18 [pid 2745] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2745] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2746 attached => {parent_tid=[2746]}, 88) = 2746 [pid 2746] set_robust_list(0x7f0aecccf9a0, 24 [pid 2745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2745] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2745] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2746] <... set_robust_list resumed>) = 0 [pid 2746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2746] memfd_create("syzkaller", 0) = 3 [pid 2746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2746] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2746] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program ) = 4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2746] ioctl(4, LOOP_SET_FD, 3 [pid 291] close(3 [pid 288] close(3 [pid 287] close(3 [pid 291] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2747 ./strace-static-x86_64: Process 2747 attached [pid 2747] set_robust_list(0x555594a056a0, 24) = 0 [pid 2747] chdir("./80") = 0 [pid 2747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2747] setpgid(0, 0) = 0 [pid 2747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2747] write(3, "1000", 4) = 4 [pid 2747] close(3) = 0 [pid 2747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2747] write(1, "executing program\n", 18) = 18 [pid 2747] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2747] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2749 attached [pid 2749] set_robust_list(0x7f0aecccf9a0, 24 [pid 2747] <... clone3 resumed> => {parent_tid=[2749]}, 88) = 2749 [pid 2746] <... ioctl resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2747] rt_sigprocmask(SIG_SETMASK, [], [pid 2749] <... set_robust_list resumed>) = 0 [pid 2747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2749] rt_sigprocmask(SIG_SETMASK, [], [pid 2747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2747] <... futex resumed>) = 0 [pid 2749] memfd_create("syzkaller", 0 [pid 2747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2746] close(3 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2749] <... memfd_create resumed>) = 3 [pid 2749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2746] <... close resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2750 [pid 2746] close(4 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2751 ./strace-static-x86_64: Process 2750 attached ./strace-static-x86_64: Process 2751 attached [pid 2750] set_robust_list(0x555594a056a0, 24 [pid 2751] set_robust_list(0x555594a056a0, 24) = 0 [pid 2751] chdir("./84" [pid 2743] <... mount resumed>) = 0 [pid 2750] <... set_robust_list resumed>) = 0 [pid 2743] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2750] chdir("./79" [pid 2743] <... openat resumed>) = 3 [pid 2751] <... chdir resumed>) = 0 [pid 2750] <... chdir resumed>) = 0 [pid 2749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2743] chdir("./file2") = 0 [pid 2743] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2750] setpgid(0, 0) = 0 [pid 2750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2750] write(3, "1000", 4) = 4 [pid 2750] close(3) = 0 [pid 2750] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2750] write(1, "executing program\n", 18) = 18 [pid 2750] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2750] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2750] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2754]}, 88) = 2754 [pid 2750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2750] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2750] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2751] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 2754 attached ) = 0 [pid 2754] set_robust_list(0x7f0aecccf9a0, 24 [pid 2751] setpgid(0, 0 [pid 2754] <... set_robust_list resumed>) = 0 [pid 2751] <... setpgid resumed>) = 0 [pid 2754] rt_sigprocmask(SIG_SETMASK, [], [pid 2749] <... write resumed>) = 524288 [pid 2749] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2749] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2754] memfd_create("syzkaller", 0) = 3 [pid 2754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2751] write(3, "1000", 4) = 4 [pid 2751] close(3) = 0 [pid 2751] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2751] write(1, "executing program\n", 18) = 18 [pid 2751] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2751] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2755 attached => {parent_tid=[2755]}, 88) = 2755 [pid 2751] rt_sigprocmask(SIG_SETMASK, [], [pid 2755] set_robust_list(0x7f0aecccf9a0, 24 [pid 2751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2755] <... set_robust_list resumed>) = 0 [pid 2755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2755] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2755] <... futex resumed>) = 0 [pid 2755] memfd_create("syzkaller", 0) = 3 [pid 2755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2754] <... write resumed>) = 524288 [pid 2755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2754] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2754] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2755] <... write resumed>) = 524288 [pid 2755] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2755] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2746] <... close resumed>) = 0 [pid 2743] <... openat resumed>) = 4 [pid 2743] ioctl(4, LOOP_CLR_FD) = 0 [pid 2743] close(4) = 0 [pid 2743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] <... futex resumed>) = 0 [pid 2743] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] <... openat resumed>) = 4 [pid 2746] mkdir("./file2", 0777 [pid 2742] <... futex resumed>) = 0 [pid 2749] ioctl(4, LOOP_SET_FD, 3 [pid 2742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2754] <... openat resumed>) = 4 [pid 2754] ioctl(4, LOOP_SET_FD, 3 [pid 2746] <... mkdir resumed>) = 0 [pid 2746] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2743] <... openat resumed>) = 4 [pid 2743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... ioctl resumed>) = 0 [pid 2743] <... futex resumed>) = 1 [pid 2742] <... futex resumed>) = 0 [pid 2755] <... openat resumed>) = 4 [pid 2755] ioctl(4, LOOP_SET_FD, 3 [pid 2742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2743] write(4, "#! \n", 4 [pid 2742] <... futex resumed>) = 0 [pid 2743] <... write resumed>) = 4 [pid 2742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2743] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2742] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2758]}, 88) = 2758 [pid 2742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2742] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2754] close(3) = 0 [pid 2754] close(4 [pid 2749] <... ioctl resumed>) = 0 [pid 2749] close(3) = 0 [pid 2749] close(4./strace-static-x86_64: Process 2758 attached [pid 2758] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2758] write(4, "#! \n", 4) = 4 [pid 2758] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2742] <... futex resumed>) = 0 [pid 2742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2743] <... futex resumed>) = 0 [pid 2743] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2742] <... futex resumed>) = 0 [pid 2742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... mount resumed>) = 0 [pid 2742] <... futex resumed>) = 0 [pid 2746] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2746] chdir("./file2") = 0 [pid 2746] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2743] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2758] <... futex resumed>) = ? [pid 2742] <... futex resumed>) = ? [pid 2758] +++ killed by SIGBUS +++ [pid 2743] +++ killed by SIGBUS +++ [pid 2742] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2742, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2749] <... close resumed>) = 0 [pid 2749] mkdir("./file2", 0777 [pid 2755] <... ioctl resumed>) = 0 [pid 2749] <... mkdir resumed>) = 0 [pid 2755] close(3 [pid 2749] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2755] <... close resumed>) = 0 [ 60.968141][ T2743] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2755] close(4 [pid 2754] <... close resumed>) = 0 [pid 2754] mkdir("./file2", 0777) = 0 [pid 2754] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue") = 0 [pid 2749] <... mount resumed>) = 0 [pid 2754] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2754] chdir("./file2") = 0 [pid 2754] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2749] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2749] chdir("./file2") = 0 [pid 2749] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2755] <... close resumed>) = 0 [pid 2746] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 2755] mkdir("./file2", 0777) = 0 [pid 2755] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2746] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./82/file2") = 0 [pid 290] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./82/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./82") = 0 [pid 290] mkdir("./83", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2754] <... openat resumed>) = 4 [pid 2749] <... openat resumed>) = 4 [pid 2746] <... ioctl resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 2754] ioctl(4, LOOP_CLR_FD [pid 2749] ioctl(4, LOOP_CLR_FD [pid 2746] close(4 [pid 290] ioctl(3, LOOP_CLR_FD [pid 2754] <... ioctl resumed>) = 0 [pid 2749] <... ioctl resumed>) = 0 [pid 2746] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2754] close(4 [pid 2749] close(4 [pid 2746] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 2754] <... close resumed>) = 0 [pid 2749] <... close resumed>) = 0 [pid 2746] <... futex resumed>) = 1 [pid 2745] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 2754] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2745] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2754] <... futex resumed>) = 1 [pid 2750] <... futex resumed>) = 0 [pid 2749] <... futex resumed>) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2745] <... futex resumed>) = 0 [pid 2754] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2745] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2766 [pid 2754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2750] <... futex resumed>) = 0 [pid 2749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2747] <... futex resumed>) = 0 [pid 2746] <... openat resumed>) = 4 [pid 2754] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2750] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2749] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2746] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... openat resumed>) = 4 [pid 2749] <... openat resumed>) = 4 [pid 2746] <... futex resumed>) = 1 [pid 2745] <... futex resumed>) = 0 [pid 2754] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2745] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... futex resumed>) = 1 [pid 2750] <... futex resumed>) = 0 [pid 2749] <... futex resumed>) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2745] <... futex resumed>) = 0 [pid 2754] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] write(4, "#! \n", 4 [pid 2745] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2750] <... futex resumed>) = 0 [pid 2749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2747] <... futex resumed>) = 0 [pid 2746] <... write resumed>) = 4 [pid 2745] <... futex resumed>) = 0 [pid 2754] write(4, "#! \n", 4 [pid 2750] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] write(4, "#! \n", 4 [pid 2747] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2754] <... write resumed>) = 4 [pid 2750] <... futex resumed>) = 0 [pid 2749] <... write resumed>) = 4 [pid 2747] <... futex resumed>) = 0 [pid 2746] <... futex resumed>) = 0 [pid 2745] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2754] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2749] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2746] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2745] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2766 attached [pid 2754] <... futex resumed>) = 0 [pid 2750] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2749] <... futex resumed>) = 0 [pid 2747] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2745] <... mprotect resumed>) = 0 [pid 2766] set_robust_list(0x555594a056a0, 24 [pid 2754] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2749] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2747] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2745] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2766] <... set_robust_list resumed>) = 0 [pid 2750] <... mprotect resumed>) = 0 [pid 2747] <... mprotect resumed>) = 0 [pid 2745] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2766] chdir("./83" [pid 2750] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2747] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2766] <... chdir resumed>) = 0 [pid 2750] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2747] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2745] <... clone3 resumed> => {parent_tid=[2768]}, 88) = 2768 [pid 2766] <... prctl resumed>) = 0 [pid 2745] rt_sigprocmask(SIG_SETMASK, [], [pid 2766] setpgid(0, 0 [pid 2750] <... clone3 resumed> => {parent_tid=[2769]}, 88) = 2769 [pid 2747] <... clone3 resumed> => {parent_tid=[2770]}, 88) = 2770 [pid 2745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2766] <... setpgid resumed>) = 0 [pid 2750] rt_sigprocmask(SIG_SETMASK, [], [pid 2747] rt_sigprocmask(SIG_SETMASK, [], [pid 2745] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2745] <... futex resumed>) = 0 [pid 2766] <... openat resumed>) = 3 [pid 2750] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2747] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2745] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2766] write(3, "1000", 4 [pid 2750] <... futex resumed>) = 0 [pid 2747] <... futex resumed>) = 0 [pid 2766] <... write resumed>) = 4 [pid 2750] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2766] close(3) = 0 executing program [pid 2766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2766] write(1, "executing program\n", 18) = 18 [pid 2766] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2766] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2766] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2768 attached ) = 0 [pid 2766] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2768] set_robust_list(0x7f0aeccae9a0, 24 [pid 2766] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2768] <... set_robust_list resumed>) = 0 [pid 2768] rt_sigprocmask(SIG_SETMASK, [], [pid 2766] <... clone3 resumed> => {parent_tid=[2772]}, 88) = 2772 ./strace-static-x86_64: Process 2769 attached [pid 2766] rt_sigprocmask(SIG_SETMASK, [], [pid 2769] set_robust_list(0x7f0aeccae9a0, 24 [pid 2766] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 2770 attached [pid 2769] <... set_robust_list resumed>) = 0 [pid 2766] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] set_robust_list(0x7f0aeccae9a0, 24 [pid 2769] rt_sigprocmask(SIG_SETMASK, [], [pid 2766] <... futex resumed>) = 0 [pid 2770] <... set_robust_list resumed>) = 0 [pid 2769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2766] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2755] <... mount resumed>) = 0 [pid 2768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2770] rt_sigprocmask(SIG_SETMASK, [], [pid 2769] write(4, "#! \n", 4 [pid 2768] write(4, "#! \n", 4 [pid 2755] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2769] <... write resumed>) = 4 [pid 2768] <... write resumed>) = 4 [pid 2755] <... openat resumed>) = 3 [pid 2768] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] chdir("./file2" [pid 2745] <... futex resumed>) = 0 [pid 2770] write(4, "#! \n", 4 [pid 2769] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2768] <... futex resumed>) = 1 [pid 2755] <... chdir resumed>) = 0 [pid 2745] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2768] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2755] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2745] <... futex resumed>) = 1 [pid 2746] <... futex resumed>) = 0 [pid 2755] <... openat resumed>) = 4 [pid 2745] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2746] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2755] ioctl(4, LOOP_CLR_FD [pid 2770] <... write resumed>) = 4 [pid 2769] <... futex resumed>) = 1 [pid 2755] <... ioctl resumed>) = 0 [pid 2750] <... futex resumed>) = 0 [pid 2746] <... mmap resumed>) = 0x200000000000 [pid 2770] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2769] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] <... futex resumed>) = 1 [pid 2754] <... futex resumed>) = 0 [pid 2750] <... futex resumed>) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2770] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2754] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2750] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... mmap resumed>) = 0x200000000000 [pid 2749] <... futex resumed>) = 0 [pid 2747] <... futex resumed>) = 1 ./strace-static-x86_64: Process 2772 attached [pid 2755] close(4 [pid 2754] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2746] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] <... close resumed>) = 0 [pid 2754] <... futex resumed>) = 1 [pid 2750] <... futex resumed>) = 0 [pid 2749] <... mmap resumed>) = 0x200000000000 [pid 2746] <... futex resumed>) = 1 [pid 2745] <... futex resumed>) = 0 [pid 2755] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2749] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2745] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] <... futex resumed>) = 1 [pid 2754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2751] <... futex resumed>) = 0 [pid 2750] <... futex resumed>) = 0 [pid 2749] <... futex resumed>) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2745] <... futex resumed>) = 0 [pid 2772] set_robust_list(0x7f0aecccf9a0, 24 [pid 2755] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2750] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2745] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2772] <... set_robust_list resumed>) = 0 [pid 2755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2751] <... futex resumed>) = 0 [pid 2772] rt_sigprocmask(SIG_SETMASK, [], [pid 2755] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2751] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2755] <... openat resumed>) = 4 [pid 2754] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2772] memfd_create("syzkaller", 0 [pid 2755] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2772] <... memfd_create resumed>) = 3 [pid 2769] <... futex resumed>) = ? [pid 2755] <... futex resumed>) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2755] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2772] <... mmap resumed>) = 0x7f0ae48af000 [pid 2755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2751] <... futex resumed>) = 0 [pid 2772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2755] write(4, "#! \n", 4 [pid 2751] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] <... write resumed>) = 4 [pid 2751] <... futex resumed>) = 0 [pid 2755] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2755] <... futex resumed>) = 0 [pid 2751] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2755] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2750] <... futex resumed>) = ? [pid 2749] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2747] <... futex resumed>) = 0 [pid 2746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- ./strace-static-x86_64: Process 2774 attached [pid 2772] <... write resumed>) = 524288 [pid 2770] <... futex resumed>) = ? [pid 2769] +++ killed by SIGBUS +++ [pid 2768] <... futex resumed>) = ? [pid 2745] <... futex resumed>) = ? [pid 2774] set_robust_list(0x7f0aeccae9a0, 24 [pid 2772] munmap(0x7f0ae48af000, 138412032 [pid 2770] +++ killed by SIGBUS +++ [pid 2754] +++ killed by SIGBUS +++ [pid 2751] <... clone3 resumed> => {parent_tid=[2774]}, 88) = 2774 [pid 2750] +++ killed by SIGBUS +++ [pid 2768] +++ killed by SIGBUS +++ [pid 2774] <... set_robust_list resumed>) = 0 [pid 2772] <... munmap resumed>) = 0 [pid 2751] rt_sigprocmask(SIG_SETMASK, [], [pid 2749] +++ killed by SIGBUS +++ [pid 2747] +++ killed by SIGBUS +++ [pid 2774] rt_sigprocmask(SIG_SETMASK, [], [pid 2772] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2772] <... openat resumed>) = 4 [pid 2774] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2772] ioctl(4, LOOP_SET_FD, 3 [pid 2746] +++ killed by SIGBUS +++ [pid 2745] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2747, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2750, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2745, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 2751] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2751] <... futex resumed>) = 1 [pid 2774] <... futex resumed>) = 0 [pid 2751] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2774] write(4, "#! \n", 4) = 4 [pid 2772] <... ioctl resumed>) = 0 [pid 2774] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2772] close(3 [pid 2774] <... futex resumed>) = 1 [pid 2772] <... close resumed>) = 0 [pid 2751] <... futex resumed>) = 0 [pid 2774] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.173664][ T2754] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 61.173705][ T2746] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 61.188653][ T2749] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2772] close(4 [pid 2751] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] <... futex resumed>) = 0 [pid 2751] <... futex resumed>) = 1 [pid 2755] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2751] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2755] <... mmap resumed>) = 0x200000000000 [pid 2755] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2755] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2751] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2751] <... futex resumed>) = 0 [pid 2751] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2751] <... futex resumed>) = ? [pid 2774] <... futex resumed>) = ? [pid 2774] +++ killed by SIGBUS +++ [pid 288] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 3 [pid 291] <... openat resumed>) = 3 [pid 291] newfstatat(3, "", [pid 288] newfstatat(3, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, [pid 288] getdents64(3, [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2755] +++ killed by SIGBUS +++ [pid 2751] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2772] <... close resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2772] mkdir("./file2", 0777) = 0 [pid 287] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2772] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 61.232876][ T2755] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./80/file2") = 0 [pid 291] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./80/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./80") = 0 [pid 291] mkdir("./81", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2772] <... mount resumed>) = 0 [pid 2772] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2772] chdir("./file2") = 0 [pid 2772] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./84/file2") = 0 [pid 287] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./84/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./84") = 0 [pid 287] mkdir("./85", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2772] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 2772] ioctl(4, LOOP_CLR_FD) = 0 [pid 2772] close(4) = 0 [pid 291] <... openat resumed>) = 3 [pid 2772] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2772] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2766] <... futex resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./79/file2") = 0 [pid 2766] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2772] <... futex resumed>) = 0 [pid 2766] <... futex resumed>) = 1 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./79/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./79" [pid 2772] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2766] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] close(3 [pid 289] <... rmdir resumed>) = 0 [pid 288] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... openat resumed>) = 3 [pid 2772] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 289] mkdir("./80", 0777 [pid 2772] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... mkdir resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] ioctl(3, LOOP_CLR_FD [pid 2772] <... futex resumed>) = 1 [pid 2766] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] newfstatat(AT_FDCWD, "./79/file2", [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2772] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2766] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2778 [pid 289] <... openat resumed>) = 3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2766] <... futex resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] close(3 [pid 2772] write(4, "#! \n", 4 [pid 2766] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2772] <... write resumed>) = 4 [pid 2766] <... futex resumed>) = 0 [pid 289] close(3 [pid 288] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... close resumed>) = 0 [pid 2772] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 2772] <... futex resumed>) = 0 [pid 2766] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] newfstatat(4, "", [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2772] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2766] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2766] <... mprotect resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2779 [pid 2766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 288] getdents64(4, [pid 2766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2766] <... clone3 resumed> => {parent_tid=[2781]}, 88) = 2781 [pid 288] getdents64(4, [pid 2766] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2780 [pid 2766] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(4 [pid 2766] <... futex resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2766] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] rmdir("./79/file2"./strace-static-x86_64: Process 2778 attached ) = 0 [pid 2778] set_robust_list(0x555594a056a0, 24 [pid 288] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2778] <... set_robust_list resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2778] chdir("./81" [pid 288] newfstatat(AT_FDCWD, "./79/binderfs", [pid 2778] <... chdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2778] setpgid(0, 0) = 0 [pid 2778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] unlink("./79/binderfs" [pid 2778] <... openat resumed>) = 3 [pid 288] <... unlink resumed>) = 0 [pid 2778] write(3, "1000", 4 [pid 288] getdents64(3, [pid 2778] <... write resumed>) = 4 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2778] close(3 [pid 288] close(3 [pid 2778] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 executing program [pid 2778] symlink("/dev/binderfs", "./binderfs" [pid 288] rmdir("./79"./strace-static-x86_64: Process 2779 attached ) = 0 [pid 288] mkdir("./80", 0777 [pid 2779] set_robust_list(0x555594a056a0, 24 [pid 288] <... mkdir resumed>) = 0 [pid 2779] <... set_robust_list resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2779] chdir("./80" [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2779] <... chdir resumed>) = 0 [pid 288] close(3 [pid 2779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] <... close resumed>) = 0 [pid 2779] <... prctl resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2779] setpgid(0, 0) = 0 [pid 2779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2779] write(3, "1000", 4) = 4 [pid 2779] close(3) = 0 [pid 2779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2779] write(1, "executing program\n", 18) = 18 [pid 2779] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2779] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2779] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2783]}, 88) = 2783 [pid 2779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2779] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2779] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2782 [pid 2778] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 2782 attached [pid 2782] set_robust_list(0x555594a056a0, 24) = 0 [pid 2782] chdir("./80") = 0 [pid 2782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2782] setpgid(0, 0) = 0 [pid 2782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2782] write(3, "1000", 4) = 4 [pid 2782] close(3) = 0 [pid 2782] symlink("/dev/binderfs", "./binderfs" executing program [pid 2778] write(1, "executing program\n", 18executing program [pid 2782] <... symlink resumed>) = 0 [pid 2778] <... write resumed>) = 18 [pid 2782] write(1, "executing program\n", 18) = 18 [pid 2782] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2782] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2782] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2782] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2782] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2778] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2784]}, 88) = 2784 [pid 2782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2782] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2782] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2784 attached [pid 2784] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2784] memfd_create("syzkaller", 0) = 3 [pid 2784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2778] <... futex resumed>) = 0 [pid 2778] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 2781 attached ./strace-static-x86_64: Process 2780 attached NULL, 8) = 0 [pid 2778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2781] set_robust_list(0x7f0aeccae9a0, 24 [pid 2780] set_robust_list(0x555594a056a0, 24 [pid 2778] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2778] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2781] <... set_robust_list resumed>) = 0 [pid 2780] <... set_robust_list resumed>) = 0 [pid 2778] <... mprotect resumed>) = 0 [pid 2781] rt_sigprocmask(SIG_SETMASK, [], [pid 2780] chdir("./85" [pid 2778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2780] <... chdir resumed>) = 0 [pid 2781] write(4, "#! \n", 4 [pid 2778] <... clone3 resumed> => {parent_tid=[2785]}, 88) = 2785 [pid 2781] <... write resumed>) = 4 [pid 2780] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2778] rt_sigprocmask(SIG_SETMASK, [], [pid 2780] <... prctl resumed>) = 0 [pid 2778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2781] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2778] <... futex resumed>) = 0 [pid 2780] setpgid(0, 0 [pid 2766] <... futex resumed>) = 0 [pid 2781] <... futex resumed>) = 1 [pid 2778] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2766] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2780] <... setpgid resumed>) = 0 [pid 2772] <... futex resumed>) = 0 [pid 2766] <... futex resumed>) = 1 [pid 2772] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2766] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2785 attached [pid 2785] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2772] <... mmap resumed>) = 0x200000000000 [pid 2781] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2772] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2785] rt_sigprocmask(SIG_SETMASK, [], [pid 2772] <... futex resumed>) = 1 [pid 2766] <... futex resumed>) = 0 [pid 2772] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2766] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2766] <... futex resumed>) = 0 [pid 2785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2785] memfd_create("syzkaller", 0) = 3 [pid 2785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2784] <... write resumed>) = 524288 [pid 2784] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2784] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2784] ioctl(4, LOOP_SET_FD, 3 [pid 2785] <... write resumed>) = 524288 [pid 2785] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2785] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 2783 attached [pid 2783] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2783] memfd_create("syzkaller", 0) = 3 [pid 2783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2783] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2783] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2780] <... openat resumed>) = 3 [pid 2780] write(3, "1000", 4) = 4 [pid 2780] close(3) = 0 [pid 2780] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2780] write(1, "executing program\n", 18) = 18 [pid 2780] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2780] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2780] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2780] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2786]}, 88) = 2786 [pid 2780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2780] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2780] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2766] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2785] <... openat resumed>) = 4 [pid 2784] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 2786 attached [pid 2785] ioctl(4, LOOP_SET_FD, 3 [pid 2784] close(3 [pid 2783] <... openat resumed>) = 4 [pid 2772] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2784] <... close resumed>) = 0 [pid 2784] close(4 [pid 2786] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2786] memfd_create("syzkaller", 0) = 3 [pid 2786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2783] ioctl(4, LOOP_SET_FD, 3 [pid 2781] <... futex resumed>) = ? [pid 2766] <... futex resumed>) = ? [pid 2781] +++ killed by SIGBUS +++ [pid 2786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2785] <... ioctl resumed>) = 0 [pid 2785] close(3) = 0 [pid 2785] close(4 [pid 2772] +++ killed by SIGBUS +++ [pid 2766] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2766, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2786] <... write resumed>) = 524288 [pid 2786] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2786] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2784] <... close resumed>) = 0 [pid 2784] mkdir("./file2", 0777 [pid 2783] <... ioctl resumed>) = 0 [pid 2783] close(3) = 0 [pid 2783] close(4 [pid 2784] <... mkdir resumed>) = 0 [ 61.541191][ T2772] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2784] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2786] <... openat resumed>) = 4 [pid 2785] <... close resumed>) = 0 [pid 2786] ioctl(4, LOOP_SET_FD, 3 [pid 2785] mkdir("./file2", 0777) = 0 [pid 2785] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2783] <... close resumed>) = 0 [pid 2783] mkdir("./file2", 0777 [pid 2786] <... ioctl resumed>) = 0 [pid 2783] <... mkdir resumed>) = 0 [pid 2783] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 2786] close(3 [pid 290] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./83/file2", [pid 2786] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./83/file2" [pid 2786] close(4 [pid 290] <... rmdir resumed>) = 0 [pid 290] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./83/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./83") = 0 [pid 290] mkdir("./84", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2784] <... mount resumed>) = 0 [pid 2784] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2785] <... mount resumed>) = 0 [pid 2783] <... mount resumed>) = 0 [pid 2784] <... openat resumed>) = 3 [pid 2785] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2785] chdir("./file2") = 0 [pid 2785] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2783] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2783] chdir("./file2") = 0 [pid 2783] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2784] chdir("./file2") = 0 [pid 2784] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2786] <... close resumed>) = 0 [pid 2786] mkdir("./file2", 0777 [pid 290] <... openat resumed>) = 3 [pid 2786] <... mkdir resumed>) = 0 [pid 2786] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2785] <... openat resumed>) = 4 [pid 2785] ioctl(4, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 2784] <... openat resumed>) = 4 [pid 2785] <... ioctl resumed>) = 0 [pid 2785] close(4) = 0 [pid 2785] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2785] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... openat resumed>) = 4 [pid 2783] ioctl(4, LOOP_CLR_FD) = 0 [pid 2783] close(4) = 0 [pid 2783] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] <... futex resumed>) = 0 [pid 2778] <... futex resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2784] ioctl(4, LOOP_CLR_FD [pid 2783] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2779] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2779] <... futex resumed>) = 0 [pid 2783] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2779] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2784] <... ioctl resumed>) = 0 [pid 2778] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 2778] <... futex resumed>) = 1 [pid 290] <... close resumed>) = 0 [pid 2778] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2785] <... futex resumed>) = 0 [pid 2784] close(4 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2784] <... close resumed>) = 0 [pid 2785] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2784] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... openat resumed>) = 4 [pid 2785] <... openat resumed>) = 4 [pid 2784] <... futex resumed>) = 1 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2797 [pid 2782] <... futex resumed>) = 0 [pid 2783] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2797 attached [pid 2785] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... futex resumed>) = 1 [pid 2782] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] <... futex resumed>) = 0 [pid 2785] <... futex resumed>) = 1 [pid 2784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2783] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] <... futex resumed>) = 0 [pid 2779] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] <... futex resumed>) = 0 [pid 2785] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2784] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2782] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] <... futex resumed>) = 0 [pid 2778] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2785] write(4, "#! \n", 4 [pid 2784] <... openat resumed>) = 4 [pid 2783] write(4, "#! \n", 4 [pid 2779] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] <... futex resumed>) = 0 [pid 2785] <... write resumed>) = 4 [pid 2785] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... write resumed>) = 4 [pid 2779] <... futex resumed>) = 0 [pid 2778] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2785] <... futex resumed>) = 0 [pid 2797] set_robust_list(0x555594a056a0, 24) = 0 [pid 2786] <... mount resumed>) = 0 [pid 2783] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2785] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] <... futex resumed>) = 0 [pid 2786] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2784] <... futex resumed>) = 1 [pid 2783] <... futex resumed>) = 0 [pid 2782] <... futex resumed>) = 0 [pid 2779] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2786] <... openat resumed>) = 3 [pid 2784] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2778] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2786] chdir("./file2" [pid 2784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2782] <... futex resumed>) = 0 [pid 2779] <... mprotect resumed>) = 0 [pid 2778] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2786] <... chdir resumed>) = 0 [pid 2784] write(4, "#! \n", 4 [pid 2782] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2779] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2778] <... mprotect resumed>) = 0 [pid 2786] <... openat resumed>) = 4 [pid 2784] <... write resumed>) = 4 [pid 2782] <... futex resumed>) = 0 [pid 2779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2786] ioctl(4, LOOP_CLR_FD [pid 2784] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2778] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2786] <... ioctl resumed>) = 0 [pid 2784] <... futex resumed>) = 0 [pid 2782] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2786] close(4 [pid 2784] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2778] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2786] <... close resumed>) = 0 [pid 2782] <... mprotect resumed>) = 0 [pid 2779] <... clone3 resumed> => {parent_tid=[2800]}, 88) = 2800 [pid 2778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2786] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2779] rt_sigprocmask(SIG_SETMASK, [], [pid 2786] <... futex resumed>) = 1 [pid 2782] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2780] <... futex resumed>) = 0 [pid 2779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2786] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2780] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] <... clone3 resumed> => {parent_tid=[2801]}, 88) = 2801 [pid 2786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2780] <... futex resumed>) = 0 [pid 2779] <... futex resumed>) = 0 [pid 2778] rt_sigprocmask(SIG_SETMASK, [], [pid 2782] <... clone3 resumed> => {parent_tid=[2802]}, 88) = 2802 [pid 2786] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2782] rt_sigprocmask(SIG_SETMASK, [], [pid 2780] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2782] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] <... openat resumed>) = 4 [pid 2778] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2786] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2782] <... futex resumed>) = 0 [pid 2786] <... futex resumed>) = 1 [pid 2782] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2780] <... futex resumed>) = 0 [pid 2778] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2802 attached ./strace-static-x86_64: Process 2801 attached [pid 2786] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2780] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] set_robust_list(0x7f0aeccae9a0, 24 [pid 2801] set_robust_list(0x7f0aeccae9a0, 24 [pid 2786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2780] <... futex resumed>) = 0 [pid 2801] <... set_robust_list resumed>) = 0 [pid 2786] write(4, "#! \n", 4 [pid 2780] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2802] <... set_robust_list resumed>) = 0 [pid 2802] rt_sigprocmask(SIG_SETMASK, [], [pid 2801] rt_sigprocmask(SIG_SETMASK, [], [pid 2786] <... write resumed>) = 4 [pid 2780] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2800 attached [pid 2802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2797] chdir("./84" [pid 2786] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2802] write(4, "#! \n", 4 [pid 2801] write(4, "#! \n", 4 [pid 2800] set_robust_list(0x7f0aeccae9a0, 24 [pid 2786] <... futex resumed>) = 0 [pid 2780] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2802] <... write resumed>) = 4 [pid 2801] <... write resumed>) = 4 [pid 2802] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2800] <... set_robust_list resumed>) = 0 [pid 2786] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2780] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2802] <... futex resumed>) = 1 [pid 2801] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2800] rt_sigprocmask(SIG_SETMASK, [], [pid 2782] <... futex resumed>) = 0 [pid 2802] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2801] <... futex resumed>) = 1 [pid 2782] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2780] <... mprotect resumed>) = 0 [pid 2778] <... futex resumed>) = 0 [pid 2801] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2800] write(4, "#! \n", 4 [pid 2797] <... chdir resumed>) = 0 [pid 2784] <... futex resumed>) = 0 [pid 2782] <... futex resumed>) = 1 [pid 2780] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2778] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2800] <... write resumed>) = 4 [pid 2797] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2785] <... futex resumed>) = 0 [pid 2784] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2782] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2780] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2778] <... futex resumed>) = 1 [pid 2800] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2797] <... prctl resumed>) = 0 [pid 2785] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2784] <... mmap resumed>) = 0x200000000000 [pid 2780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2778] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2797] setpgid(0, 0) = 0 [pid 2785] <... mmap resumed>) = 0x200000000000 [pid 2797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2784] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2785] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] <... futex resumed>) = 1 [pid 2782] <... futex resumed>) = 0 [pid 2785] <... futex resumed>) = 1 [pid 2784] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2780] <... clone3 resumed> => {parent_tid=[2803]}, 88) = 2803 [pid 2778] <... futex resumed>) = 0 [pid 2785] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2782] <... futex resumed>) = 0 [pid 2780] rt_sigprocmask(SIG_SETMASK, [], [pid 2778] <... futex resumed>) = 0 [pid 2797] <... openat resumed>) = 3 [pid 2797] write(3, "1000", 4) = 4 [pid 2797] close(3) = 0 [pid 2797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2797] write(1, "executing program\n", 18executing program ) = 18 [pid 2797] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2797] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2804]}, 88) = 2804 [pid 2797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2797] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2800] <... futex resumed>) = 1 [pid 2779] <... futex resumed>) = 0 [pid 2800] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2803 attached [pid 2803] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2803] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2784] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2780] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2803] <... futex resumed>) = 0 [pid 2780] <... futex resumed>) = 1 [pid 2803] write(4, "#! \n", 4) = 4 [pid 2780] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2803] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2803] <... futex resumed>) = 0 [pid 2780] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2803] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2780] <... futex resumed>) = 1 [pid 2780] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2804 attached [pid 2804] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2804] memfd_create("syzkaller", 0) = 3 [pid 2804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2804] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2804] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2804] ioctl(4, LOOP_SET_FD, 3 [pid 2782] <... futex resumed>) = ? [pid 2779] <... futex resumed>) = 1 [pid 2779] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] <... futex resumed>) = ? [pid 2784] +++ killed by SIGBUS +++ [pid 2802] +++ killed by SIGBUS +++ [pid 2782] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2782, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2786] <... futex resumed>) = 0 [pid 2786] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2786] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2780] <... futex resumed>) = 0 [pid 2783] <... futex resumed>) = 0 [pid 2785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2783] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2780] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... mmap resumed>) = 0x200000000000 [pid 2783] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] <... futex resumed>) = 0 [pid 2786] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2779] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2778] <... futex resumed>) = ? [pid 2803] <... futex resumed>) = ? [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2780] <... futex resumed>) = ? [pid 2803] +++ killed by SIGBUS +++ [ 61.773670][ T2784] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 61.791174][ T2785] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 61.805906][ T2786] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2786] +++ killed by SIGBUS +++ [pid 2780] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2780, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2801] <... futex resumed>) = ? [pid 2779] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2779] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] <... ioctl resumed>) = 0 [pid 2783] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] <... umount2 resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 288] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(3, "", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(AT_FDCWD, "./80/file2", [pid 287] getdents64(3, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2804] close(3 [pid 2800] <... futex resumed>) = ? [pid 2779] <... futex resumed>) = ? [pid 288] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2804] <... close resumed>) = 0 [pid 2801] +++ killed by SIGBUS +++ [pid 2800] +++ killed by SIGBUS +++ [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2785] +++ killed by SIGBUS +++ [pid 2778] +++ killed by SIGBUS +++ [pid 2804] close(4 [pid 288] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2778, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] <... openat resumed>) = 4 [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 291] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] getdents64(4, [pid 291] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] <... openat resumed>) = 3 [pid 288] close(4 [pid 291] newfstatat(3, "", [pid 288] <... close resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] rmdir("./80/file2" [pid 2783] +++ killed by SIGBUS +++ [pid 2779] +++ killed by SIGBUS +++ [pid 291] getdents64(3, [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2779, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] <... rmdir resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./80/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./80") = 0 [pid 288] mkdir("./81", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 61.807842][ T2783] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 288] <... openat resumed>) = 3 [pid 289] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./80/file2") = 0 [pid 289] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./80/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./80") = 0 [pid 289] mkdir("./81", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 291] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2806 [pid 287] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 2806 attached [pid 291] newfstatat(AT_FDCWD, "./81/file2", [pid 289] close(3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2806] set_robust_list(0x555594a056a0, 24) = 0 [pid 2806] chdir("./81") = 0 [pid 291] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./85/file2", [pid 2806] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2806] <... prctl resumed>) = 0 [pid 2806] setpgid(0, 0 [pid 291] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(4, "", [pid 287] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2806] <... setpgid resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 291] getdents64(4, [pid 287] newfstatat(4, "", [pid 2806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2806] <... openat resumed>) = 3 [pid 291] close(4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... close resumed>) = 0 [pid 2806] write(3, "1000", 4) = 4 [pid 287] getdents64(4, [pid 291] rmdir("./81/file2" [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2806] close(3) = 0 [pid 2806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2806] write(1, "executing program\n", 18executing program [pid 291] <... rmdir resumed>) = 0 [pid 287] close(4 [pid 291] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] rmdir("./85/file2" [pid 291] newfstatat(AT_FDCWD, "./81/binderfs", [pid 2806] <... write resumed>) = 18 [pid 2806] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 287] <... rmdir resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] unlink("./81/binderfs" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2806] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 291] <... unlink resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./85/binderfs", [pid 2806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] getdents64(3, [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] unlink("./85/binderfs" [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] close(3 [pid 2806] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2806] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 287] <... unlink resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] getdents64(3, [pid 291] rmdir("./81" [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2806] <... mprotect resumed>) = 0 [pid 2806] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... rmdir resumed>) = 0 [pid 287] close(3 [pid 291] mkdir("./82", 0777 [pid 287] <... close resumed>) = 0 [pid 2806] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2807]}, 88) = 2807 [pid 2806] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... mkdir resumed>) = 0 [pid 287] rmdir("./85" [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2806] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2806] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2807 attached [pid 287] <... rmdir resumed>) = 0 [pid 2807] set_robust_list(0x7f0aecccf9a0, 24 [pid 287] mkdir("./86", 0777 [pid 2807] <... set_robust_list resumed>) = 0 [pid 2807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2807] memfd_create("syzkaller", 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2807] <... memfd_create resumed>) = 3 [pid 2807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2807] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2807] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2804] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2808 [pid 2804] mkdir("./file2", 0777 [pid 291] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 2808 attached [pid 2804] <... mkdir resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] ioctl(3, LOOP_CLR_FD [pid 2804] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] close(3 [pid 287] <... ioctl resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] close(3 [pid 2808] set_robust_list(0x555594a056a0, 24 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 2808] <... set_robust_list resumed>) = 0 [pid 2808] chdir("./81" [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2808] <... chdir resumed>) = 0 [pid 2808] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2809 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2810 [pid 2808] <... prctl resumed>) = 0 [pid 2808] setpgid(0, 0) = 0 [pid 2808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2808] write(3, "1000", 4) = 4 [pid 2808] close(3./strace-static-x86_64: Process 2810 attached ./strace-static-x86_64: Process 2809 attached [pid 2810] set_robust_list(0x555594a056a0, 24 [pid 2808] <... close resumed>) = 0 [pid 2810] <... set_robust_list resumed>) = 0 [pid 2809] set_robust_list(0x555594a056a0, 24 [pid 2808] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2808] write(1, "executing program\n", 18 [pid 2810] chdir("./86" [pid 2808] <... write resumed>) = 18 [pid 2808] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2808] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2810] <... chdir resumed>) = 0 [pid 2808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2811]}, 88) = 2811 [pid 2810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2808] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2811 attached [pid 2811] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2811] memfd_create("syzkaller", 0) = 3 [pid 2811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2810] <... prctl resumed>) = 0 [pid 2809] <... set_robust_list resumed>) = 0 [pid 2810] setpgid(0, 0 [pid 2809] chdir("./82" [pid 2810] <... setpgid resumed>) = 0 [pid 2810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2809] <... chdir resumed>) = 0 [pid 2810] <... openat resumed>) = 3 [pid 2809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2810] write(3, "1000", 4 [pid 2809] setpgid(0, 0 [pid 2810] <... write resumed>) = 4 [pid 2809] <... setpgid resumed>) = 0 [pid 2809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2810] close(3) = 0 [pid 2811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2804] <... mount resumed>) = 0 [pid 2804] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2810] symlink("/dev/binderfs", "./binderfs" [pid 2804] <... openat resumed>) = 3 [pid 2804] chdir("./file2") = 0 [pid 2804] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2809] <... openat resumed>) = 3 [pid 2810] <... symlink resumed>) = 0 [pid 2809] write(3, "1000", 4) = 4 [pid 2810] write(1, "executing program\n", 18executing program [pid 2809] close(3 [pid 2810] <... write resumed>) = 18 [pid 2809] <... close resumed>) = 0 [pid 2810] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2810] <... futex resumed>) = 0 [pid 2810] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2809] write(1, "executing program\n", 18 [pid 2810] <... rt_sigaction resumed>NULL, 8) = 0 executing program [pid 2809] <... write resumed>) = 18 [pid 2810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2809] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... write resumed>) = 524288 [pid 2811] munmap(0x7f0ae48af000, 138412032 [pid 2810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2809] <... futex resumed>) = 0 [pid 2811] <... munmap resumed>) = 0 [pid 2810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2809] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2810] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2809] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2810] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2810] <... mprotect resumed>) = 0 [pid 2809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2811] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2809] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2810] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 2814 attached [pid 2809] <... clone3 resumed> => {parent_tid=[2814]}, 88) = 2814 [pid 2809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2809] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2815]}, 88) = 2815 [pid 2810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2810] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2810] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2815 attached [pid 2815] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2815] memfd_create("syzkaller", 0) = 3 [pid 2815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2814] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2814] memfd_create("syzkaller", 0) = 3 [pid 2814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2815] <... write resumed>) = 524288 [pid 2815] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2815] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2814] <... write resumed>) = 524288 [pid 2814] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2814] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2807] <... openat resumed>) = 4 [pid 2814] <... openat resumed>) = 4 [pid 2814] ioctl(4, LOOP_SET_FD, 3 [pid 2807] ioctl(4, LOOP_SET_FD, 3 [pid 2814] <... ioctl resumed>) = 0 [pid 2811] <... openat resumed>) = 4 [pid 2811] ioctl(4, LOOP_SET_FD, 3 [pid 2814] close(3) = 0 [pid 2814] close(4 [pid 2811] <... ioctl resumed>) = 0 [pid 2804] <... openat resumed>) = 4 [pid 2815] <... openat resumed>) = 4 [pid 2814] <... close resumed>) = 0 [pid 2811] close(3 [pid 2807] <... ioctl resumed>) = 0 [pid 2804] ioctl(4, LOOP_CLR_FD [pid 2815] ioctl(4, LOOP_SET_FD, 3 [pid 2814] mkdir("./file2", 0777 [pid 2811] <... close resumed>) = 0 [pid 2807] close(3 [pid 2804] <... ioctl resumed>) = 0 [pid 2814] <... mkdir resumed>) = 0 [pid 2811] close(4 [pid 2807] <... close resumed>) = 0 [pid 2804] close(4 [pid 2815] <... ioctl resumed>) = 0 [pid 2814] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2811] <... close resumed>) = 0 [pid 2807] close(4 [pid 2804] <... close resumed>) = 0 [pid 2815] close(3 [pid 2811] mkdir("./file2", 0777 [pid 2807] <... close resumed>) = 0 [pid 2804] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2815] <... close resumed>) = 0 [pid 2811] <... mkdir resumed>) = 0 [pid 2807] mkdir("./file2", 0777 [pid 2804] <... futex resumed>) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2815] close(4 [pid 2811] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2807] <... mkdir resumed>) = 0 [pid 2804] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2797] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2815] <... close resumed>) = 0 [pid 2807] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2804] <... openat resumed>) = 4 [pid 2797] <... futex resumed>) = 0 [pid 2815] mkdir("./file2", 0777 [pid 2804] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2797] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2815] <... mkdir resumed>) = 0 [pid 2804] <... futex resumed>) = 0 [pid 2797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2815] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2804] write(4, "#! \n", 4 [pid 2797] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2804] <... write resumed>) = 4 [pid 2797] <... futex resumed>) = 0 [pid 2804] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2797] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2804] <... futex resumed>) = 0 [pid 2797] <... futex resumed>) = 0 [pid 2804] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2797] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2820]}, 88) = 2820 [pid 2797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2797] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2797] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2820 attached [pid 2820] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2820] write(4, "#! \n", 4) = 4 [pid 2820] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2804] <... futex resumed>) = 0 [pid 2797] <... futex resumed>) = 1 [pid 2804] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2797] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] <... mmap resumed>) = 0x200000000000 [pid 2804] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2797] <... futex resumed>) = 0 [pid 2820] <... futex resumed>) = 1 [pid 2811] <... mount resumed>) = 0 [pid 2797] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2811] chdir("./file2") = 0 [pid 2811] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2820] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2797] <... futex resumed>) = 0 [pid 2797] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2797] <... futex resumed>) = ? [pid 2820] <... futex resumed>) = ? [pid 2820] +++ killed by SIGBUS +++ [pid 2804] +++ killed by SIGBUS +++ [pid 2814] <... mount resumed>) = 0 [pid 2797] +++ killed by SIGBUS +++ [pid 2814] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2814] chdir("./file2") = 0 [pid 2814] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2797, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2811] <... openat resumed>) = 4 [pid 2811] ioctl(4, LOOP_CLR_FD [pid 2815] <... mount resumed>) = 0 [pid 2807] <... mount resumed>) = 0 [pid 2815] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2815] chdir("./file2") = 0 [pid 2815] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2807] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2807] chdir("./file2") = 0 [ 62.089227][ T2804] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2807] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2815] <... openat resumed>) = 4 [pid 2814] <... openat resumed>) = 4 [pid 2811] <... ioctl resumed>) = 0 [pid 2807] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 2814] ioctl(4, LOOP_CLR_FD [pid 2811] close(4 [pid 2814] <... ioctl resumed>) = 0 [pid 2811] <... close resumed>) = 0 [pid 2815] ioctl(4, LOOP_CLR_FD [pid 2814] close(4 [pid 2811] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] ioctl(4, LOOP_CLR_FD [pid 2815] <... ioctl resumed>) = 0 [pid 2814] <... close resumed>) = 0 [pid 2811] <... futex resumed>) = 1 [pid 2808] <... futex resumed>) = 0 [pid 2807] <... ioctl resumed>) = 0 [pid 290] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2815] close(4 [pid 2814] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2808] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] close(4 [pid 2814] <... futex resumed>) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2808] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2815] <... close resumed>) = 0 [pid 2814] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2811] <... openat resumed>) = 4 [pid 2809] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] <... close resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./84/file2", [pid 2815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2814] <... openat resumed>) = 4 [pid 2811] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] <... futex resumed>) = 0 [pid 2807] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2815] <... futex resumed>) = 1 [pid 2814] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 1 [pid 2810] <... futex resumed>) = 0 [pid 2809] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2808] <... futex resumed>) = 0 [pid 2807] <... futex resumed>) = 1 [pid 2806] <... futex resumed>) = 0 [pid 2815] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2814] <... futex resumed>) = 0 [pid 2811] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2810] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2808] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2806] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2814] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2815] <... openat resumed>) = 4 [pid 2814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2810] <... futex resumed>) = 0 [pid 2809] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] <... futex resumed>) = 0 [pid 2806] <... futex resumed>) = 0 [pid 2814] write(4, "#! \n", 4 [pid 2811] write(4, "#! \n", 4 [pid 2810] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2809] <... futex resumed>) = 0 [pid 2808] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2815] <... futex resumed>) = 0 [pid 2814] <... write resumed>) = 4 [pid 2811] <... write resumed>) = 4 [pid 2810] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] <... futex resumed>) = 0 [pid 2807] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2815] write(4, "#! \n", 4 [pid 2814] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2810] <... futex resumed>) = 0 [pid 2809] <... futex resumed>) = 0 [pid 2808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2807] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2815] <... write resumed>) = 4 [pid 2814] <... futex resumed>) = 0 [pid 2810] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2814] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2811] <... futex resumed>) = 0 [pid 2810] <... futex resumed>) = 0 [pid 2809] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2808] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2807] <... futex resumed>) = 1 [pid 2806] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2815] <... futex resumed>) = 0 [pid 2811] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2809] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2808] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2807] write(4, "#! \n", 4 [pid 2806] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2815] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2810] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2809] <... mprotect resumed>) = 0 [pid 2808] <... mprotect resumed>) = 0 [pid 2806] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 2807] <... write resumed>) = 4 [pid 2810] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2806] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2810] <... mprotect resumed>) = 0 [pid 2809] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2806] <... futex resumed>) = 0 [pid 2808] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2809] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2807] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] newfstatat(4, "", [pid 2810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2807] <... futex resumed>) = 0 [pid 2806] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2806] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 2829 attached [pid 2829] set_robust_list(0x7f0aeccae9a0, 24 [pid 2808] <... clone3 resumed> => {parent_tid=[2829]}, 88) = 2829 [pid 2809] <... clone3 resumed> => {parent_tid=[2830]}, 88) = 2830 [pid 2806] <... mprotect resumed>) = 0 [pid 2810] <... clone3 resumed> => {parent_tid=[2831]}, 88) = 2831 [pid 2809] rt_sigprocmask(SIG_SETMASK, [], [pid 2810] rt_sigprocmask(SIG_SETMASK, [], [pid 2808] rt_sigprocmask(SIG_SETMASK, [], [pid 2807] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] getdents64(4, [pid 2810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2806] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2810] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2810] <... futex resumed>) = 0 [pid 2809] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2810] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2809] <... futex resumed>) = 0 [pid 2808] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 2829] <... set_robust_list resumed>) = 0 [pid 2809] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2808] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2806] <... clone3 resumed> => {parent_tid=[2832]}, 88) = 2832 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2806] rt_sigprocmask(SIG_SETMASK, [], [pid 2829] rt_sigprocmask(SIG_SETMASK, [], [pid 2806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] close(4 [pid 2829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2806] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 2806] <... futex resumed>) = 0 [pid 2829] write(4, "#! \n", 4 [pid 2806] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] rmdir("./84/file2" [pid 2829] <... write resumed>) = 4 [pid 2829] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] <... futex resumed>) = 0 [pid 2808] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] <... futex resumed>) = 0 [pid 2808] <... futex resumed>) = 1 [pid 2811] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2808] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2811] <... mmap resumed>) = 0x200000000000 [pid 2811] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2808] <... futex resumed>) = 0 [pid 2829] <... futex resumed>) = 1 [pid 2811] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2808] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2832 attached ./strace-static-x86_64: Process 2831 attached ./strace-static-x86_64: Process 2830 attached [pid 290] <... rmdir resumed>) = 0 [pid 2832] set_robust_list(0x7f0aeccae9a0, 24 [pid 2831] set_robust_list(0x7f0aeccae9a0, 24 [pid 2830] set_robust_list(0x7f0aeccae9a0, 24 [pid 290] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2832] <... set_robust_list resumed>) = 0 [pid 2831] <... set_robust_list resumed>) = 0 [pid 2830] <... set_robust_list resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2832] rt_sigprocmask(SIG_SETMASK, [], [pid 2831] rt_sigprocmask(SIG_SETMASK, [], [pid 2830] rt_sigprocmask(SIG_SETMASK, [], [pid 290] newfstatat(AT_FDCWD, "./84/binderfs", [pid 2832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2832] write(4, "#! \n", 4 [pid 2831] write(4, "#! \n", 4 [pid 2830] write(4, "#! \n", 4 [pid 290] unlink("./84/binderfs" [pid 2832] <... write resumed>) = 4 [pid 2831] <... write resumed>) = 4 [pid 2830] <... write resumed>) = 4 [pid 290] <... unlink resumed>) = 0 [pid 2832] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2831] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2830] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2811] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2808] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] getdents64(3, [pid 2830] <... futex resumed>) = 1 [pid 2829] <... futex resumed>) = ? [pid 2809] <... futex resumed>) = 0 [pid 2808] <... futex resumed>) = ? [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2832] <... futex resumed>) = 1 [pid 2830] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2829] +++ killed by SIGBUS +++ [pid 2809] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2806] <... futex resumed>) = 0 [pid 290] close(3 [pid 2832] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2831] <... futex resumed>) = 1 [pid 2814] <... futex resumed>) = 0 [pid 2811] +++ killed by SIGBUS +++ [pid 2810] <... futex resumed>) = 0 [pid 2809] <... futex resumed>) = 1 [pid 2808] +++ killed by SIGBUS +++ [pid 2806] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 2814] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2810] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] <... futex resumed>) = 0 [pid 2806] <... futex resumed>) = 1 [pid 290] rmdir("./84" [pid 2815] <... futex resumed>) = 0 [pid 2814] <... mmap resumed>) = 0x200000000000 [pid 2810] <... futex resumed>) = 1 [pid 2807] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2806] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2808, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 2814] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 2814] <... futex resumed>) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2814] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2809] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 2814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2809] <... futex resumed>) = 0 [pid 2831] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2815] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2810] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] <... mmap resumed>) = 0x200000000000 [pid 290] mkdir("./85", 0777 [pid 2815] <... mmap resumed>) = 0x200000000000 [pid 2807] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... mkdir resumed>) = 0 [pid 2815] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] <... futex resumed>) = 1 [pid 2806] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2815] <... futex resumed>) = 1 [pid 2810] <... futex resumed>) = 0 [pid 2807] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2806] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 3 [pid 2815] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2810] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2806] <... futex resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 2815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2814] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2810] <... futex resumed>) = 0 [pid 2809] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 2830] <... futex resumed>) = ? [pid 2809] <... futex resumed>) = ? [pid 2830] +++ killed by SIGBUS +++ [pid 2814] +++ killed by SIGBUS +++ [pid 2809] +++ killed by SIGBUS +++ [pid 289] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2809, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 62.191564][ T2811] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 62.209648][ T2814] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 62.213251][ T2807] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2810] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2806] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2832] <... futex resumed>) = ? [pid 290] close(3 [pid 2832] +++ killed by SIGBUS +++ [pid 290] <... close resumed>) = 0 [pid 2807] +++ killed by SIGBUS +++ [pid 2806] +++ killed by SIGBUS +++ [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2834 ./strace-static-x86_64: Process 2834 attached [pid 2834] set_robust_list(0x555594a056a0, 24) = 0 [pid 2834] chdir("./85") = 0 [pid 2834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2834] setpgid(0, 0) = 0 [pid 2834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2834] write(3, "1000", 4) = 4 [pid 2834] close(3) = 0 [pid 2834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2834] write(1, "executing program\n", 18) = 18 [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2834] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2834] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2835]}, 88) = 2835 [pid 2834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2835 attached [pid 2835] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2835] memfd_create("syzkaller", 0) = 3 [pid 2835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2835] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2835] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2835] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2806, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2835] <... ioctl resumed>) = 0 [pid 2835] close(3) = 0 [pid 2835] close(4) = 0 [pid 2835] mkdir("./file2", 0777) = 0 [pid 2835] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2831] <... futex resumed>) = ? [pid 2810] <... futex resumed>) = ? [pid 2831] +++ killed by SIGBUS +++ [pid 2815] +++ killed by SIGBUS +++ [pid 2810] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2810, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2835] <... mount resumed>) = 0 [pid 2835] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2835] chdir("./file2") = 0 [ 62.227485][ T2815] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2835] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./82/file2") = 0 [pid 291] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./82/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./82") = 0 [pid 291] mkdir("./83", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./86/file2") = 0 [pid 287] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./86/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./86") = 0 [pid 287] mkdir("./87", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2839 ./strace-static-x86_64: Process 2839 attached [pid 2839] set_robust_list(0x555594a056a0, 24) = 0 [pid 2835] <... openat resumed>) = 4 [pid 2839] chdir("./87") = 0 [pid 2839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2835] ioctl(4, LOOP_CLR_FD executing program [pid 289] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2835] <... ioctl resumed>) = 0 [pid 288] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2835] close(4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2835] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2839] <... prctl resumed>) = 0 [pid 2839] setpgid(0, 0) = 0 [pid 2839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2839] write(3, "1000", 4) = 4 [pid 2839] close(3) = 0 [pid 2839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2839] write(1, "executing program\n", 18) = 18 [pid 2839] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2839] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2839] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2840]}, 88) = 2840 [pid 2839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2839] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2839] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2840 attached [pid 2840] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2840] memfd_create("syzkaller", 0) = 3 [pid 2840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2835] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] newfstatat(AT_FDCWD, "./81/file2", [pid 2835] <... futex resumed>) = 1 [pid 2834] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./81/file2", [pid 2835] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2834] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2835] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2835] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2835] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 3 [pid 289] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2835] <... futex resumed>) = 1 [pid 2834] <... futex resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 2835] write(4, "#! \n", 4 [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", [pid 2835] <... write resumed>) = 4 [pid 2834] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2835] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] newfstatat(4, "", [pid 2835] <... futex resumed>) = 0 [pid 2834] <... futex resumed>) = 0 [pid 288] getdents64(4, [pid 2835] write(4, "#! \n", 4 [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2835] <... write resumed>) = 4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2835] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2834] <... futex resumed>) = 0 [pid 2835] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 2835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2834] <... futex resumed>) = 0 [pid 2835] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2835] <... mmap resumed>) = 0x200000000000 [pid 291] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 2840] <... write resumed>) = 524288 [pid 2840] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2840] close(3) = 0 [pid 2840] close(4) = 0 [pid 2840] mkdir("./file2", 0777) = 0 [pid 2840] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2835] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(4 [pid 2835] <... futex resumed>) = 1 [pid 2834] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2834] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2842 ./strace-static-x86_64: Process 2842 attached [pid 2842] set_robust_list(0x555594a056a0, 24) = 0 [pid 2842] chdir("./83") = 0 [pid 2842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2842] setpgid(0, 0) = 0 [pid 2842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2842] write(3, "1000", 4) = 4 [pid 2842] close(3) = 0 executing program [pid 2842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2842] write(1, "executing program\n", 18) = 18 [pid 2842] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2842] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2843]}, 88) = 2843 [pid 2842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2843 attached [pid 2843] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2843] memfd_create("syzkaller", 0 [pid 289] close(4 [pid 2834] <... futex resumed>) = 0 [pid 288] rmdir("./81/file2" [pid 2834] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... close resumed>) = 0 [pid 2843] <... memfd_create resumed>) = 3 [pid 288] <... rmdir resumed>) = 0 [pid 2843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 288] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2843] <... mmap resumed>) = 0x7f0ae48af000 [pid 2835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] rmdir("./81/file2") = 0 [pid 289] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./81/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./81") = 0 [pid 289] mkdir("./82", 0777 [pid 2843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] newfstatat(AT_FDCWD, "./81/binderfs", [pid 289] <... mkdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] unlink("./81/binderfs" [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] <... unlink resumed>) = 0 [pid 289] close(3 [pid 2843] <... write resumed>) = 524288 [pid 2834] <... futex resumed>) = ? [pid 289] <... close resumed>) = 0 [pid 288] getdents64(3, [pid 2843] munmap(0x7f0ae48af000, 138412032 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2843] <... munmap resumed>) = 0 [pid 288] close(3 [pid 2843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... close resumed>) = 0 [pid 2843] <... openat resumed>) = 4 [pid 288] rmdir("./81" [pid 2843] ioctl(4, LOOP_SET_FD, 3 [pid 288] <... rmdir resumed>) = 0 [pid 288] mkdir("./82", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2843] <... ioctl resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 2843] close(3 [pid 2840] <... mount resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2847 [pid 288] ioctl(3, LOOP_CLR_FD [pid 2840] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2843] <... close resumed>) = 0 [pid 2840] <... openat resumed>) = 3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2843] close(4 [pid 2840] chdir("./file2" [pid 2843] <... close resumed>) = 0 [pid 2840] <... chdir resumed>) = 0 [pid 288] close(3./strace-static-x86_64: Process 2847 attached [pid 2843] mkdir("./file2", 0777 [pid 2840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2835] +++ killed by SIGBUS +++ [pid 2834] +++ killed by SIGBUS +++ [pid 288] <... close resumed>) = 0 [pid 2847] set_robust_list(0x555594a056a0, 24 [pid 2843] <... mkdir resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2847] <... set_robust_list resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2834, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 2847] chdir("./82") = 0 [pid 2847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 2843] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2847] setpgid(0, 0) = 0 [pid 2847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2848 [pid 2847] <... openat resumed>) = 3 ./strace-static-x86_64: Process 2848 attached [pid 2847] write(3, "1000", 4) = 4 [pid 2847] close(3) = 0 [pid 2847] symlink("/dev/binderfs", "./binderfs" [pid 2848] set_robust_list(0x555594a056a0, 24 [pid 2847] <... symlink resumed>) = 0 [pid 2848] <... set_robust_list resumed>) = 0 executing program [pid 2847] write(1, "executing program\n", 18) = 18 [pid 2847] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2848] chdir("./82" [pid 2847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2847] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2848] <... chdir resumed>) = 0 [pid 2847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 2849 attached => {parent_tid=[2849]}, 88) = 2849 [pid 2849] set_robust_list(0x7f0aecccf9a0, 24 [pid 2848] setpgid(0, 0 [pid 2847] rt_sigprocmask(SIG_SETMASK, [], [pid 2849] <... set_robust_list resumed>) = 0 [pid 2848] <... setpgid resumed>) = 0 [pid 2847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2849] rt_sigprocmask(SIG_SETMASK, [], [pid 2847] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2849] memfd_create("syzkaller", 0 [pid 2848] <... openat resumed>) = 3 [pid 2848] write(3, "1000", 4) = 4 [pid 2848] close(3) = 0 [pid 2849] <... memfd_create resumed>) = 3 [pid 2848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2848] write(1, "executing program\n", 18 [pid 2849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2848] <... write resumed>) = 18 [pid 2848] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2848] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2849] <... mmap resumed>) = 0x7f0ae48af000 [pid 2848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2848] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2850]}, 88) = 2850 [pid 2848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2848] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2848] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2850 attached [pid 2850] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2850] memfd_create("syzkaller", 0) = 3 [pid 2850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2850] <... write resumed>) = 524288 [pid 2850] munmap(0x7f0ae48af000, 138412032 [pid 2849] <... write resumed>) = 524288 [pid 2850] <... munmap resumed>) = 0 [pid 2850] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2849] munmap(0x7f0ae48af000, 138412032) = 0 [ 62.481284][ T2835] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2849] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2840] <... openat resumed>) = 4 [pid 2840] ioctl(4, LOOP_CLR_FD) = 0 [pid 2840] close(4) = 0 [pid 2840] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2839] <... futex resumed>) = 0 [pid 2840] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2839] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... openat resumed>) = 4 [pid 2839] <... futex resumed>) = 0 [pid 2840] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2839] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2840] <... futex resumed>) = 0 [pid 2839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2840] write(4, "#! \n", 4 [pid 2839] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... write resumed>) = 4 [pid 2839] <... futex resumed>) = 0 [pid 2840] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2839] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... futex resumed>) = 0 [pid 2839] <... futex resumed>) = 0 [pid 2840] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2839] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2851]}, 88) = 2851 [pid 2839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2839] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2839] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2851 attached [pid 2851] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2851] write(4, "#! \n", 4) = 4 [pid 2851] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2839] <... futex resumed>) = 0 [pid 2839] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2840] <... futex resumed>) = 0 [pid 2839] <... futex resumed>) = 1 [pid 2840] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2839] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2851] <... futex resumed>) = 1 [pid 2840] <... mmap resumed>) = 0x200000000000 [pid 2851] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2840] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2839] <... futex resumed>) = 0 [pid 2839] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2839] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2840] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2839] <... futex resumed>) = ? [pid 2851] <... futex resumed>) = ? [pid 2851] +++ killed by SIGBUS +++ [pid 2840] +++ killed by SIGBUS +++ [pid 2839] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2839, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2843] <... mount resumed>) = 0 [pid 2843] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2843] chdir("./file2") = 0 [pid 2843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2850] <... openat resumed>) = 4 [pid 2849] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2850] ioctl(4, LOOP_SET_FD, 3 [pid 2849] ioctl(4, LOOP_SET_FD, 3 [pid 287] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./87/file2" [pid 2849] <... ioctl resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 2843] <... openat resumed>) = 4 [pid 287] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./87/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./87" [pid 2843] ioctl(4, LOOP_CLR_FD [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./88", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2849] close(3) = 0 [pid 2849] close(4) = 0 [pid 2849] mkdir("./file2", 0777) = 0 [pid 2843] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2849] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2843] close(4 [pid 290] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./85/file2", [pid 2850] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = 0 [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2856 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./85/file2") = 0 [pid 290] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./85/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./85") = 0 [pid 290] mkdir("./86", 0777 [pid 2850] close(3 [pid 2843] <... close resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2857 [pid 2850] <... close resumed>) = 0 [pid 2843] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] close(4 [pid 2843] <... futex resumed>) = 1 [pid 2842] <... futex resumed>) = 0 [pid 2843] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2842] <... futex resumed>) = 0 [pid 2843] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2843] <... openat resumed>) = 4 [pid 2843] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2842] <... futex resumed>) = 0 [pid 2843] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] write(4, "#! \n", 4 [pid 2842] <... futex resumed>) = 0 [pid 2843] <... write resumed>) = 4 [pid 2842] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2842] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2857 attached ./strace-static-x86_64: Process 2856 attached [pid 2843] <... futex resumed>) = 0 [pid 2842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2843] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2842] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2858]}, 88) = 2858 [pid 2842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2842] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] set_robust_list(0x555594a056a0, 24 [pid 2857] set_robust_list(0x555594a056a0, 24) = 0 [pid 2856] <... set_robust_list resumed>) = 0 [pid 2857] chdir("./86") = 0 [pid 2856] chdir("./88" [pid 2857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2857] setpgid(0, 0) = 0 [pid 2856] <... chdir resumed>) = 0 [pid 2857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 2858 attached [pid 2856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2858] set_robust_list(0x7f0aeccae9a0, 24 [pid 2857] <... openat resumed>) = 3 [pid 2856] <... prctl resumed>) = 0 [pid 2858] <... set_robust_list resumed>) = 0 [pid 2857] write(3, "1000", 4 [pid 2849] <... mount resumed>) = 0 [pid 2857] <... write resumed>) = 4 [pid 2849] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2857] close(3 [pid 2849] <... openat resumed>) = 3 [pid 2857] <... close resumed>) = 0 [pid 2849] chdir("./file2" [pid 2857] symlink("/dev/binderfs", "./binderfs" [pid 2849] <... chdir resumed>) = 0 [pid 2857] <... symlink resumed>) = 0 [pid 2849] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 2857] write(1, "executing program\n", 18) = 18 [pid 2857] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2857] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2861]}, 88) = 2861 [pid 2857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2861 attached [pid 2861] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2861] memfd_create("syzkaller", 0) = 3 [pid 2861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2856] setpgid(0, 0 [pid 2858] rt_sigprocmask(SIG_SETMASK, [], [pid 2856] <... setpgid resumed>) = 0 [pid 2858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2858] write(4, "#! \n", 4 [pid 2856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2858] <... write resumed>) = 4 [pid 2856] <... openat resumed>) = 3 [pid 2858] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2856] write(3, "1000", 4 [pid 2842] <... futex resumed>) = 0 [pid 2842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] <... futex resumed>) = 0 [pid 2842] <... futex resumed>) = 1 [pid 2843] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2843] <... mmap resumed>) = 0x200000000000 [pid 2843] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2842] <... futex resumed>) = 0 [pid 2843] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 62.553990][ T2840] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters executing program [pid 2842] <... futex resumed>) = 0 [pid 2861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2858] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2856] <... write resumed>) = 4 [pid 2856] close(3) = 0 [pid 2856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2856] write(1, "executing program\n", 18) = 18 [pid 2856] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2856] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2856] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2862]}, 88) = 2862 [pid 2856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2856] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2856] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2861] <... write resumed>) = 524288 [pid 2861] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2861] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2842] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2862 attached [pid 2862] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2862] memfd_create("syzkaller", 0) = 3 [pid 2862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2862] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2862] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2843] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2858] <... futex resumed>) = ? [pid 2842] <... futex resumed>) = ? [pid 2858] +++ killed by SIGBUS +++ [pid 2843] +++ killed by SIGBUS +++ [pid 2842] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2842, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2862] <... openat resumed>) = 4 [pid 2861] <... openat resumed>) = 4 [pid 2850] <... close resumed>) = 0 [pid 2849] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2861] ioctl(4, LOOP_SET_FD, 3 [pid 2850] mkdir("./file2", 0777 [pid 2849] ioctl(4, LOOP_CLR_FD [pid 291] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2850] <... mkdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 2850] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] newfstatat(3, "", [pid 2862] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2861] <... ioctl resumed>) = 0 [pid 2849] <... ioctl resumed>) = 0 [pid 291] getdents64(3, [pid 2861] close(3 [pid 2849] close(4 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2861] <... close resumed>) = 0 [pid 2861] close(4 [pid 291] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2862] <... ioctl resumed>) = 0 [pid 2862] close(3 [pid 2849] <... close resumed>) = 0 [pid 2862] <... close resumed>) = 0 [pid 2862] close(4 [pid 2849] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] <... futex resumed>) = 0 [pid 2849] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2847] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] <... mount resumed>) = 0 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] <... openat resumed>) = 4 [pid 2850] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2849] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2849] write(4, "#! \n", 4 [pid 2847] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2849] <... write resumed>) = 4 [pid 2847] <... mprotect resumed>) = 0 [pid 2849] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2850] <... openat resumed>) = 3 [pid 2849] <... futex resumed>) = 0 [pid 2847] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2849] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2867]}, 88) = 2867 [pid 2847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2847] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2867 attached [pid 2850] chdir("./file2" [pid 2867] set_robust_list(0x7f0aeccae9a0, 24 [pid 2850] <... chdir resumed>) = 0 [pid 2850] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2867] <... set_robust_list resumed>) = 0 [pid 2867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2867] write(4, "#! \n", 4) = 4 [pid 2867] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] <... futex resumed>) = 0 [pid 2867] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2847] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2849] <... futex resumed>) = 0 [pid 2847] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2849] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] <... futex resumed>) = 0 [pid 2849] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2847] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2849] <... futex resumed>) = 0 [pid 2847] <... futex resumed>) = 1 [ 62.615034][ T2843] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2847] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2867] <... futex resumed>) = ? [pid 2847] <... futex resumed>) = ? [pid 2849] +++ killed by SIGBUS +++ [pid 2867] +++ killed by SIGBUS +++ [pid 2847] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2847, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2861] <... close resumed>) = 0 [pid 2861] mkdir("./file2", 0777) = 0 [ 62.653987][ T2849] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2861] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2862] <... close resumed>) = 0 [pid 2862] mkdir("./file2", 0777) = 0 [pid 2862] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"executing program [pid 2850] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 2850] ioctl(4, LOOP_CLR_FD [pid 291] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./82/file2") = 0 [pid 289] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./82/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./82") = 0 [pid 289] mkdir("./83", 0777 [pid 2850] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... mkdir resumed>) = 0 [pid 2850] close(4 [pid 291] newfstatat(AT_FDCWD, "./83/file2", [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2868 ./strace-static-x86_64: Process 2868 attached [pid 2868] set_robust_list(0x555594a056a0, 24) = 0 [pid 2868] chdir("./83") = 0 [pid 2868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2868] setpgid(0, 0) = 0 [pid 2868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2868] write(3, "1000", 4) = 4 [pid 2868] close(3) = 0 [pid 2868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2868] write(1, "executing program\n", 18) = 18 [pid 2868] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2868] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2869]}, 88) = 2869 [pid 2850] <... close resumed>) = 0 [pid 2868] rt_sigprocmask(SIG_SETMASK, [], [pid 2850] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2850] <... futex resumed>) = 1 [pid 2848] <... futex resumed>) = 0 [pid 2850] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2848] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2850] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2848] <... futex resumed>) = 0 [pid 2868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2869 attached [pid 2869] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2848] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2869] memfd_create("syzkaller", 0) = 3 [pid 2869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2850] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 2850] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] newfstatat(4, "", [pid 2850] <... futex resumed>) = 1 [pid 2848] <... futex resumed>) = 0 [pid 2850] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2848] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2848] <... futex resumed>) = 0 [pid 2850] write(4, "#! \n", 4 [pid 2848] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 2850] <... write resumed>) = 4 [pid 2848] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2850] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] getdents64(4, [pid 2850] <... futex resumed>) = 0 [pid 2848] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2850] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2848] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] close(4 [pid 2848] <... mprotect resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 2848] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] rmdir("./83/file2" [pid 2848] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2848] <... clone3 resumed> => {parent_tid=[2873]}, 88) = 2873 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2848] rt_sigprocmask(SIG_SETMASK, [], [pid 291] newfstatat(AT_FDCWD, "./83/binderfs", [pid 2848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2848] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] unlink("./83/binderfs" [pid 2848] <... futex resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 2848] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 2869] <... write resumed>) = 524288 [pid 2869] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2869] ioctl(4, LOOP_SET_FD, 3 [pid 291] rmdir("./83") = 0 [pid 291] mkdir("./84", 0777 [pid 2869] <... ioctl resumed>) = 0 [pid 2869] close(3) = 0 [pid 2869] close(4) = 0 [pid 2869] mkdir("./file2", 0777) = 0 [pid 2869] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2861] <... mount resumed>) = 0 [pid 2861] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2861] chdir("./file2") = 0 [pid 2861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2861] ioctl(4, LOOP_CLR_FD) = 0 [pid 2861] close(4) = 0 [pid 2861] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2875 [pid 2857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2857] <... futex resumed>) = 0 [pid 2857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2861] <... openat resumed>) = 4 [pid 2861] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 2861] write(4, "#! \n", 4 [pid 2857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... write resumed>) = 4 [pid 2857] <... futex resumed>) = 0 [pid 2861] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2857] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = 0 [pid 2857] <... futex resumed>) = 0 [pid 2861] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2857] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2877]}, 88) = 2877 [pid 2857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2857] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2873 attached [pid 2873] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2873] write(4, "#! \n", 4) = 4 [pid 2873] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2848] <... futex resumed>) = 0 [pid 2848] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] <... futex resumed>) = 0 [pid 2848] <... futex resumed>) = 1 [pid 2850] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2848] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2850] <... mmap resumed>) = 0x200000000000 [pid 2850] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2848] <... futex resumed>) = 0 [pid 2850] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2848] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2848] <... futex resumed>) = 0 [pid 2873] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2875 attached [pid 2875] set_robust_list(0x555594a056a0, 24) = 0 [pid 2875] chdir("./84") = 0 [pid 2875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2875] setpgid(0, 0) = 0 [pid 2875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2875] write(3, "1000", 4) = 4 [pid 2875] close(3) = 0 [pid 2875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2875] write(1, "executing program\n", 18executing program ) = 18 [pid 2875] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2875] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2878]}, 88) = 2878 [pid 2875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2875] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2875] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2878 attached [pid 2878] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2878] memfd_create("syzkaller", 0) = 3 [pid 2878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2848] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2878] <... write resumed>) = 524288 [pid 2878] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2878] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2878] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2877 attached [pid 2869] <... mount resumed>) = 0 [pid 2877] set_robust_list(0x7f0aeccae9a0, 24 [pid 2862] <... mount resumed>) = 0 [pid 2877] <... set_robust_list resumed>) = 0 [pid 2862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2877] rt_sigprocmask(SIG_SETMASK, [], [pid 2862] <... openat resumed>) = 3 [pid 2877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2869] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2877] write(4, "#! \n", 4 [pid 2869] <... openat resumed>) = 3 [pid 2862] chdir("./file2" [pid 2877] <... write resumed>) = 4 [pid 2869] chdir("./file2" [pid 2862] <... chdir resumed>) = 0 [pid 2877] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... chdir resumed>) = 0 [pid 2862] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2877] <... futex resumed>) = 1 [pid 2873] <... futex resumed>) = ? [pid 2848] <... futex resumed>) = ? [pid 2873] +++ killed by SIGBUS +++ [pid 2857] <... futex resumed>) = 0 [pid 2850] +++ killed by SIGBUS +++ [pid 2848] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2848, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2878] <... ioctl resumed>) = 0 [pid 2878] close(3) = 0 [pid 2878] close(4 [pid 2869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2862] <... openat resumed>) = 4 [pid 2862] ioctl(4, LOOP_CLR_FD) = 0 [pid 2862] close(4) = 0 [pid 2862] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... openat resumed>) = 4 [pid 2862] <... futex resumed>) = 1 [pid 2856] <... futex resumed>) = 0 [pid 2869] ioctl(4, LOOP_CLR_FD [pid 2862] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2856] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... ioctl resumed>) = 0 [pid 2862] <... openat resumed>) = 4 [pid 2856] <... futex resumed>) = 0 [pid 2869] close(4 [pid 2862] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2856] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2869] <... close resumed>) = 0 [pid 2862] <... futex resumed>) = 0 [pid 2856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2869] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] write(4, "#! \n", 4 [pid 2856] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... futex resumed>) = 1 [pid 2868] <... futex resumed>) = 0 [pid 2862] <... write resumed>) = 4 [pid 2857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2856] <... futex resumed>) = 0 [pid 2877] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2857] <... futex resumed>) = 1 [pid 2869] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = 0 [pid 2856] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... openat resumed>) = 4 [pid 2868] <... futex resumed>) = 0 [pid 2862] <... futex resumed>) = 0 [pid 2861] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2869] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2862] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2861] <... mmap resumed>) = 0x200000000000 [pid 2856] <... futex resumed>) = 0 [pid 2869] <... futex resumed>) = 0 [pid 2868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2861] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 2869] write(4, "#! \n", 4 [pid 2868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = 0 [pid 2857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2856] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2869] <... write resumed>) = 4 [pid 2868] <... futex resumed>) = 0 [pid 2861] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2857] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2856] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2869] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2857] <... futex resumed>) = 0 [pid 2856] <... mprotect resumed>) = 0 [pid 2869] <... futex resumed>) = 0 [pid 2868] <... futex resumed>) = 0 [pid 2857] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2856] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2869] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2868] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2868] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2882]}, 88) = 2882 [pid 2868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2868] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2856] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2883]}, 88) = 2883 [pid 2856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2856] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2856] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2882 attached [pid 2882] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2882] write(4, "#! \n", 4) = 4 [pid 2882] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... futex resumed>) = 0 [pid 2868] <... futex resumed>) = 1 [pid 2869] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2868] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2869] <... mmap resumed>) = 0x200000000000 [pid 2869] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2868] <... futex resumed>) = 0 [pid 2869] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2868] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2868] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2883 attached [pid 2882] <... futex resumed>) = 1 [pid 2861] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2883] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2883] write(4, "#! \n", 4) = 4 [pid 2883] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2856] <... futex resumed>) = 0 [pid 2883] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2856] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] <... futex resumed>) = 0 [pid 2856] <... futex resumed>) = 1 [pid 2862] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2856] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2862] <... mmap resumed>) = 0x200000000000 [pid 2862] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2856] <... futex resumed>) = 0 [ 62.857643][ T2850] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 62.888632][ T2861] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2862] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2856] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2856] <... futex resumed>) = 0 [pid 2882] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2877] <... futex resumed>) = ? [pid 2869] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2857] <... futex resumed>) = ? [pid 2882] <... futex resumed>) = ? [pid 2877] +++ killed by SIGBUS +++ [pid 2861] +++ killed by SIGBUS +++ [pid 2857] +++ killed by SIGBUS +++ [pid 2869] +++ killed by SIGBUS +++ [pid 2882] +++ killed by SIGBUS +++ [pid 2868] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2868, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2857, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2856] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 2862] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2883] <... futex resumed>) = ? [pid 2856] <... futex resumed>) = ? [pid 289] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 2883] +++ killed by SIGBUS +++ [pid 289] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2862] +++ killed by SIGBUS +++ [pid 2856] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2856, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2878] <... close resumed>) = 0 [pid 2878] mkdir("./file2", 0777) = 0 [ 62.893966][ T2869] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 62.906829][ T2862] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2878] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue") = 0 [pid 2878] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2878] chdir("./file2") = 0 [pid 2878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./82/file2") = 0 [pid 288] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./82/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./82") = 0 [pid 288] mkdir("./83", 0777) = 0 [ 63.028787][ T2878] EXT4-fs mount: 245 callbacks suppressed [ 63.028799][ T2878] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2878] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 2878] ioctl(4, LOOP_CLR_FD [pid 289] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 2878] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2878] close(4 [pid 289] newfstatat(AT_FDCWD, "./83/file2", [pid 2878] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2878] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 2878] <... futex resumed>) = 1 [pid 2875] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2878] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2875] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2875] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./86/file2", [pid 289] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2878] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2875] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(4, "", [pid 288] close(3 [pid 2878] <... openat resumed>) = 4 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2878] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 289] getdents64(4, [pid 288] <... close resumed>) = 0 [pid 2878] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2878] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./83/file2") = 0 [pid 289] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./83/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 2875] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] newfstatat(AT_FDCWD, "./88/file2", [pid 2875] <... futex resumed>) = 1 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] rmdir("./83" [pid 2875] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... rmdir resumed>) = 0 [pid 2875] <... futex resumed>) = 0 [pid 289] mkdir("./84", 0777 [pid 2875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... mkdir resumed>) = 0 [pid 2875] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2875] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... openat resumed>) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2875] <... mprotect resumed>) = 0 [pid 290] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2886 [pid 2878] <... futex resumed>) = 0 [pid 287] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2875] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... openat resumed>) = 4 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2875] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] close(3 [pid 2875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... close resumed>) = 0 [pid 2878] write(4, "#! \n", 4 [pid 290] newfstatat(4, "", [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2878] <... write resumed>) = 4 [pid 2875] <... clone3 resumed> => {parent_tid=[2887]}, 88) = 2887 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2875] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2888 [pid 2875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2878] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2875] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 287] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2878] <... futex resumed>) = 0 [pid 2875] <... futex resumed>) = 0 [pid 2875] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2886 attached [pid 2886] set_robust_list(0x555594a056a0, 24) = 0 [pid 2886] chdir("./83") = 0 [pid 2886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2886] setpgid(0, 0) = 0 [pid 2878] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... openat resumed>) = 4 [pid 290] getdents64(4, [pid 287] newfstatat(4, "", [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] close(4 [pid 287] getdents64(4, [pid 290] <... close resumed>) = 0 [pid 2886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] rmdir("./86/file2" [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2886] <... openat resumed>) = 3 [pid 2886] write(3, "1000", 4 [pid 290] <... rmdir resumed>) = 0 [pid 287] getdents64(4, [pid 290] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(4 [pid 2886] <... write resumed>) = 4 [pid 290] newfstatat(AT_FDCWD, "./86/binderfs", [pid 287] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] rmdir("./88/file2" [pid 290] unlink("./86/binderfs" [pid 2886] close(3) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2886] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2886] write(1, "executing program\n", 18 [pid 287] newfstatat(AT_FDCWD, "./88/binderfs", [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] close(3 [pid 287] unlink("./88/binderfs" [pid 290] <... close resumed>) = 0 [pid 2886] <... write resumed>) = 18 [pid 290] rmdir("./86" [pid 287] <... unlink resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 287] getdents64(3, [pid 2886] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2886] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 290] mkdir("./87", 0777 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3 [pid 2886] <... clone3 resumed> => {parent_tid=[2889]}, 88) = 2889 [pid 290] <... mkdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 2886] rt_sigprocmask(SIG_SETMASK, [], [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] rmdir("./88" [pid 2886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] <... openat resumed>) = 3 [pid 287] <... rmdir resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] mkdir("./89", 0777./strace-static-x86_64: Process 2887 attached [pid 2887] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] close(3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] close(3 [pid 2887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] <... close resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2890 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2887] write(4, "#! \n", 4) = 4 [pid 2887] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2875] <... futex resumed>) = 0 [pid 2875] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = 0 [pid 2875] <... futex resumed>) = 1 [pid 2878] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2875] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2891 [pid 2878] <... mmap resumed>) = 0x200000000000 [pid 2887] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2891 attached [pid 2891] set_robust_list(0x555594a056a0, 24) = 0 [pid 2891] chdir("./89") = 0 [pid 2891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2891] setpgid(0, 0) = 0 [pid 2891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2891] write(3, "1000", 4) = 4 [pid 2891] close(3) = 0 [pid 2891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2891] write(1, "executing program\n", 18executing program ) = 18 [pid 2891] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2891] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2891] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2892]}, 88) = 2892 [pid 2878] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2875] <... futex resumed>) = 0 [pid 2878] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2875] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2875] <... futex resumed>) = 0 [pid 2891] rt_sigprocmask(SIG_SETMASK, [], [pid 2875] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2891] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2891] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2892 attached [pid 2892] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2892] memfd_create("syzkaller", 0) = 3 [pid 2892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2892] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2892] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2888 attached [pid 2888] set_robust_list(0x555594a056a0, 24) = 0 [pid 2888] chdir("./84") = 0 [pid 2888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2888] setpgid(0, 0) = 0 [pid 2888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2888] write(3, "1000", 4) = 4 [pid 2888] close(3) = 0 [pid 2888] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 2888] write(1, "executing program\n", 18) = 18 [pid 2888] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2888] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2888] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2893]}, 88) = 2893 [pid 2888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2888] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2888] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2893 attached [pid 2893] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2893] memfd_create("syzkaller", 0) = 3 [pid 2893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 2890 attached ) = 524288 [pid 2893] munmap(0x7f0ae48af000, 138412032./strace-static-x86_64: Process 2889 attached [pid 2890] set_robust_list(0x555594a056a0, 24) = 0 [pid 2889] set_robust_list(0x7f0aecccf9a0, 24 [pid 2890] chdir("./87" [pid 2889] <... set_robust_list resumed>) = 0 [pid 2890] <... chdir resumed>) = 0 [pid 2889] rt_sigprocmask(SIG_SETMASK, [], [pid 2890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2890] <... prctl resumed>) = 0 [pid 2890] setpgid(0, 0 [pid 2889] memfd_create("syzkaller", 0 [pid 2878] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2890] <... setpgid resumed>) = 0 [pid 2889] <... memfd_create resumed>) = 3 [pid 2893] <... munmap resumed>) = 0 [pid 2892] <... ioctl resumed>) = 0 [pid 2890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2875] <... futex resumed>) = ? [pid 2890] <... openat resumed>) = 3 [pid 2889] <... mmap resumed>) = 0x7f0ae48af000 [pid 2890] write(3, "1000", 4 [pid 2889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2890] <... write resumed>) = 4 [pid 2890] close(3 [pid 2887] <... futex resumed>) = ? [pid 2890] <... close resumed>) = 0 [pid 2890] symlink("/dev/binderfs", "./binderfs" [pid 2892] close(3executing program [pid 2890] <... symlink resumed>) = 0 [pid 2890] write(1, "executing program\n", 18) = 18 [pid 2893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2892] <... close resumed>) = 0 [pid 2890] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2889] <... write resumed>) = 524288 [pid 2887] +++ killed by SIGBUS +++ [pid 2892] close(4) = 0 [pid 2890] <... futex resumed>) = 0 [pid 2892] mkdir("./file2", 0777 [pid 2890] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2892] <... mkdir resumed>) = 0 [pid 2890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2878] +++ killed by SIGBUS +++ [pid 2875] +++ killed by SIGBUS +++ [pid 2890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2875, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2890] <... mmap resumed>) = 0x7f0aeccaf000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2890] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2892] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2889] munmap(0x7f0ae48af000, 138412032 [pid 2890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2889] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 2895 attached [pid 2890] <... clone3 resumed> => {parent_tid=[2895]}, 88) = 2895 [pid 2889] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2890] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] set_robust_list(0x7f0aecccf9a0, 24 [pid 2890] <... futex resumed>) = 0 [pid 2895] <... set_robust_list resumed>) = 0 [pid 2895] rt_sigprocmask(SIG_SETMASK, [], [pid 2890] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2895] memfd_create("syzkaller", 0) = 3 [pid 2895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2895] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 63.147848][ T2878] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2892] <... mount resumed>) = 0 [pid 2892] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2892] chdir("./file2") = 0 [pid 2892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2893] <... openat resumed>) = 4 [pid 2889] <... openat resumed>) = 4 [pid 2893] ioctl(4, LOOP_SET_FD, 3 [pid 2889] ioctl(4, LOOP_SET_FD, 3 [pid 2895] <... openat resumed>) = 4 [pid 2889] <... ioctl resumed>) = 0 [pid 2895] ioctl(4, LOOP_SET_FD, 3 [pid 2889] close(3) = 0 [pid 2889] close(4 [pid 2895] <... ioctl resumed>) = 0 [pid 2895] close(3) = 0 [pid 2895] close(4 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./84/file2") = 0 [pid 291] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./84/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./84") = 0 [pid 291] mkdir("./85", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2895] <... close resumed>) = 0 [pid 2895] mkdir("./file2", 0777) = 0 [pid 2895] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2893] <... ioctl resumed>) = 0 [pid 2889] <... close resumed>) = 0 [pid 2893] close(3) = 0 [ 63.198328][ T2892] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 2893] close(4 [pid 2889] mkdir("./file2", 0777) = 0 [pid 2889] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2893] <... close resumed>) = 0 [pid 2892] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 2893] mkdir("./file2", 0777 [pid 2892] ioctl(4, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 2893] <... mkdir resumed>) = 0 [pid 2893] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2895] <... mount resumed>) = 0 [pid 2895] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2895] chdir("./file2") = 0 [pid 2895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2892] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2895] <... openat resumed>) = 4 [pid 2895] ioctl(4, LOOP_CLR_FD) = 0 [pid 2895] close(4) = 0 [pid 2895] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2895] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2892] close(4) = 0 [pid 2892] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2891] <... futex resumed>) = 0 [pid 2892] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2891] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] <... openat resumed>) = 4 [pid 2891] <... futex resumed>) = 0 [pid 2890] <... futex resumed>) = 0 [pid 291] close(3 [pid 2892] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2892] <... futex resumed>) = 0 [pid 2891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2892] write(4, "#! \n", 4 [pid 2891] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] <... write resumed>) = 4 [pid 2891] <... futex resumed>) = 0 [pid 2892] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] <... futex resumed>) = 0 [pid 2891] <... futex resumed>) = 0 [pid 2892] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2891] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2904]}, 88) = 2904 [pid 2891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2891] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2891] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2890] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 2890] <... futex resumed>) = 1 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2890] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2905 ./strace-static-x86_64: Process 2904 attached [pid 2904] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2904] write(4, "#! \n", 4) = 4 [pid 2904] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] <... futex resumed>) = 0 [pid 2891] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] <... futex resumed>) = 0 [pid 2891] <... futex resumed>) = 1 [pid 2892] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2891] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2892] <... mmap resumed>) = 0x200000000000 [pid 2892] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2891] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2905 attached [pid 2895] <... futex resumed>) = 0 [pid 2891] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2905] set_robust_list(0x555594a056a0, 24) = 0 [pid 2905] chdir("./85") = 0 [pid 2905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2905] setpgid(0, 0 [pid 2904] <... futex resumed>) = 1 [pid 2904] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] <... setpgid resumed>) = 0 [pid 2905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2905] write(3, "1000", 4) = 4 [pid 2905] close(3) = 0 [pid 2905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2905] write(1, "executing program\n", 18executing program ) = 18 [pid 2905] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2905] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2891] <... futex resumed>) = 0 [pid 2891] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2910]}, 88) = 2910 [pid 2905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2905] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2910 attached [ 63.318376][ T2895] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 63.350440][ T2892] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2910] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2910] memfd_create("syzkaller", 0) = 3 [pid 2910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2910] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2910] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2910] ioctl(4, LOOP_SET_FD, 3 [pid 2892] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2904] <... futex resumed>) = ? [pid 2895] <... openat resumed>) = 4 [pid 2891] <... futex resumed>) = ? [pid 2889] <... mount resumed>) = 0 [pid 2895] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2895] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2889] chdir("./file2") = 0 [pid 2889] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2910] <... ioctl resumed>) = 0 [pid 2910] close(3) = 0 [pid 2910] close(4 [pid 2892] +++ killed by SIGBUS +++ [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2890] <... futex resumed>) = 1 [pid 2895] write(4, "#! \n", 4 [pid 2890] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... write resumed>) = 4 [pid 2890] <... futex resumed>) = 0 [pid 2895] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2895] <... futex resumed>) = 0 [pid 2890] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2895] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2890] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2912]}, 88) = 2912 [pid 2890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2890] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2890] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2904] +++ killed by SIGBUS +++ [pid 2891] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2891, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 2912 attached [pid 2912] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2912] write(4, "#! \n", 4) = 4 [pid 2912] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2895] <... futex resumed>) = 0 [pid 2890] <... futex resumed>) = 1 [pid 2895] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2890] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2895] <... mmap resumed>) = 0x200000000000 [pid 2895] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2912] <... futex resumed>) = 1 [pid 2912] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2893] <... mount resumed>) = 0 [pid 2893] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2893] chdir("./file2") = 0 [pid 2893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2890] <... futex resumed>) = 0 [pid 2890] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2895] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2912] <... futex resumed>) = ? [pid 2890] <... futex resumed>) = ? [pid 2912] +++ killed by SIGBUS +++ [pid 2895] +++ killed by SIGBUS +++ [pid 2890] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2890, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2910] <... close resumed>) = 0 [pid 2889] <... openat resumed>) = 4 [pid 2910] mkdir("./file2", 0777 [pid 2889] ioctl(4, LOOP_CLR_FD [pid 2910] <... mkdir resumed>) = 0 [ 63.366151][ T2889] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 63.377586][ T2893] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 63.388066][ T2895] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2910] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2893] <... openat resumed>) = 4 [pid 2893] ioctl(4, LOOP_CLR_FD) = 0 [pid 2889] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 2889] close(4 [pid 290] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2889] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./87/file2", [pid 2889] <... futex resumed>) = 1 [pid 2886] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2893] close(4 [pid 2889] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2893] <... close resumed>) = 0 [pid 2889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2886] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2893] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2889] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2893] <... futex resumed>) = 1 [pid 2888] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 2893] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2888] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 2888] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2888] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./87/file2") = 0 [pid 290] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./87/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./87" [pid 2889] <... openat resumed>) = 4 [pid 290] <... rmdir resumed>) = 0 [pid 2893] <... openat resumed>) = 4 [pid 2889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] mkdir("./88", 0777 [pid 287] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2893] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2889] <... futex resumed>) = 1 [pid 2886] <... futex resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2893] <... futex resumed>) = 1 [pid 2889] write(4, "#! \n", 4 [pid 2888] <... futex resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2893] write(4, "#! \n", 4 [pid 2889] <... write resumed>) = 4 [pid 2888] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2886] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 287] newfstatat(AT_FDCWD, "./89/file2", [pid 2893] <... write resumed>) = 4 [pid 2889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... futex resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] ioctl(3, LOOP_CLR_FD [pid 2893] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2889] <... futex resumed>) = 0 [pid 2888] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2886] <... futex resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2893] <... futex resumed>) = 0 [pid 2889] write(4, "#! \n", 4 [pid 2888] <... futex resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] close(3 [pid 2893] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2889] <... write resumed>) = 4 [pid 2888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... close resumed>) = 0 [pid 287] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2889] <... futex resumed>) = 1 [pid 2888] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2886] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2889] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2888] <... mprotect resumed>) = 0 [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2914 [pid 2889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2888] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 2886] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2889] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2888] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2889] <... mmap resumed>) = 0x200000000000 [pid 287] <... openat resumed>) = 4 ./strace-static-x86_64: Process 2915 attached ./strace-static-x86_64: Process 2914 attached [pid 2889] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... clone3 resumed> => {parent_tid=[2915]}, 88) = 2915 [pid 2888] rt_sigprocmask(SIG_SETMASK, [], [pid 2889] <... futex resumed>) = 1 [pid 2888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2886] <... futex resumed>) = 0 [pid 287] newfstatat(4, "", [pid 2889] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2886] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2888] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2886] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2888] <... futex resumed>) = 0 [pid 2888] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(4, [pid 2915] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2915] write(4, "#! \n", 4) = 4 [pid 2915] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... futex resumed>) = 0 [pid 2888] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2893] <... futex resumed>) = 0 [pid 2888] <... futex resumed>) = 1 [pid 2893] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2888] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2893] <... mmap resumed>) = 0x200000000000 [pid 2893] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] <... futex resumed>) = 0 [pid 2888] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2888] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2915] <... futex resumed>) = 1 [pid 2915] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2914] set_robust_list(0x555594a056a0, 24) = 0 [pid 2914] chdir("./88") = 0 [pid 2914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2914] setpgid(0, 0) = 0 [pid 2914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2914] write(3, "1000", 4) = 4 [pid 2914] close(3) = 0 [pid 2914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2914] write(1, "executing program\n", 18) = 18 [pid 2914] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2914] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2917]}, 88) = 2917 [pid 2914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2914] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2917 attached [pid 2889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2917] set_robust_list(0x7f0aecccf9a0, 24 [pid 287] getdents64(4, [pid 2917] <... set_robust_list resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2917] rt_sigprocmask(SIG_SETMASK, [], [pid 287] close(4 [pid 2917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... close resumed>) = 0 [pid 2917] memfd_create("syzkaller", 0 [pid 287] rmdir("./89/file2" [pid 2917] <... memfd_create resumed>) = 3 [pid 287] <... rmdir resumed>) = 0 [pid 2917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 287] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2917] <... mmap resumed>) = 0x7f0ae48af000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./89/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./89") = 0 [pid 287] mkdir("./90", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2918 [pid 2917] <... write resumed>) = 524288 [pid 2917] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2917] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2917] ioctl(4, LOOP_SET_FD, 3 [pid 2886] <... futex resumed>) = ? [pid 2889] +++ killed by SIGBUS +++ [pid 2886] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 2918 attached [pid 2918] set_robust_list(0x555594a056a0, 24) = 0 [pid 2918] chdir("./90") = 0 [pid 2918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2918] setpgid(0, 0) = 0 [pid 2918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2917] <... ioctl resumed>) = 0 [pid 2917] close(3) = 0 [pid 2917] close(4 [pid 2893] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2918] write(3, "1000", 4executing program ) = 4 [pid 2918] close(3) = 0 [pid 2918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2918] write(1, "executing program\n", 18) = 18 [pid 2918] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2918] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2920]}, 88) = 2920 [pid 2918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2918] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2920 attached [pid 2920] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2920] memfd_create("syzkaller", 0) = 3 [pid 2920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2920] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2920] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2886, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2915] <... futex resumed>) = ? [pid 2910] <... mount resumed>) = 0 [pid 2888] <... futex resumed>) = ? [pid 2915] +++ killed by SIGBUS +++ [pid 2893] +++ killed by SIGBUS +++ [pid 2888] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2888, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2910] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2910] chdir("./file2") = 0 [pid 2910] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2920] <... openat resumed>) = 4 [pid 2917] <... close resumed>) = 0 [pid 2917] mkdir("./file2", 0777) = 0 [pid 2917] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2920] ioctl(4, LOOP_SET_FD, 3 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2920] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2920] close(3 [pid 288] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2920] <... close resumed>) = 0 [pid 2920] close(4 [pid 288] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./83/file2") = 0 [pid 288] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 63.530733][ T2889] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 63.545854][ T2893] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 63.561219][ T2910] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 288] unlink("./83/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./83") = 0 [pid 288] mkdir("./84", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2917] <... mount resumed>) = 0 [pid 2917] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2917] chdir("./file2") = 0 [pid 2917] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2910] <... openat resumed>) = 4 [pid 2910] ioctl(4, LOOP_CLR_FD) = 0 [pid 2910] close(4) = 0 [pid 2920] <... close resumed>) = 0 [pid 2910] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] mkdir("./file2", 0777) = 0 [pid 2920] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2910] <... futex resumed>) = 1 [pid 2905] <... futex resumed>) = 0 [pid 2910] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2905] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2910] <... futex resumed>) = 0 [pid 2910] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 2910] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2905] <... futex resumed>) = 0 [pid 2905] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2905] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2924 attached => {parent_tid=[2924]}, 88) = 2924 [pid 2905] rt_sigprocmask(SIG_SETMASK, [], [pid 2924] set_robust_list(0x7f0aeccae9a0, 24 [pid 2905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2905] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2905] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2910] <... futex resumed>) = 1 [pid 2910] write(4, "#! \n", 4) = 4 [pid 2924] <... set_robust_list resumed>) = 0 [pid 2910] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2910] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2924] write(4, "#! \n", 4) = 4 [pid 2924] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2905] <... futex resumed>) = 0 [pid 2905] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2905] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2910] <... futex resumed>) = 0 [pid 2910] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2924] <... futex resumed>) = 1 [pid 2910] <... mmap resumed>) = 0x200000000000 [pid 2924] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2910] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2905] <... futex resumed>) = 0 [pid 2910] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2905] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2910] <... futex resumed>) = 0 [pid 2905] <... futex resumed>) = 1 [ 63.598467][ T2917] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 2905] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2910] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2924] <... futex resumed>) = ? [pid 2905] <... futex resumed>) = ? [pid 2924] +++ killed by SIGBUS +++ [pid 2910] +++ killed by SIGBUS +++ [pid 2905] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2905, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./84/file2") = 0 [pid 289] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./84/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./84") = 0 [pid 289] mkdir("./85", 0777) = 0 [ 63.636677][ T2910] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2917] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 2917] ioctl(4, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 288] close(3 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2925 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2926 ./strace-static-x86_64: Process 2925 attached [pid 2925] set_robust_list(0x555594a056a0, 24) = 0 [pid 2925] chdir("./85") = 0 [pid 2925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2925] setpgid(0, 0) = 0 [pid 2925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2925] write(3, "1000", 4) = 4 [pid 2917] <... ioctl resumed>) = 0 [pid 2917] close(4 [pid 2925] close(3) = 0 [pid 2925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2925] write(1, "executing program\n", 18executing program ) = 18 [pid 2925] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2925] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2928]}, 88) = 2928 [pid 2925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2925] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2925] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2926 attached ./strace-static-x86_64: Process 2928 attached [pid 2928] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2928] rt_sigprocmask(SIG_SETMASK, [], [pid 2926] set_robust_list(0x555594a056a0, 24 [pid 2928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2928] memfd_create("syzkaller", 0 [pid 2926] <... set_robust_list resumed>) = 0 [pid 2926] chdir("./84") = 0 [pid 2926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2926] setpgid(0, 0) = 0 [pid 2926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2926] write(3, "1000", 4) = 4 [pid 2926] close(3) = 0 [pid 2926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2926] write(1, "executing program\n", 18executing program ) = 18 [pid 2926] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2926] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2930]}, 88) = 2930 [pid 2926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2926] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2928] <... memfd_create resumed>) = 3 [pid 2928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2928] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2928] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2930 attached [pid 2930] set_robust_list(0x7f0aecccf9a0, 24 [pid 2920] <... mount resumed>) = 0 [pid 2930] <... set_robust_list resumed>) = 0 [pid 2930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2930] memfd_create("syzkaller", 0 [pid 2920] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2930] <... memfd_create resumed>) = 3 [pid 2930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2920] <... openat resumed>) = 3 [pid 2920] chdir("./file2") = 0 [pid 2920] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2930] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2930] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2917] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 2917] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2917] <... futex resumed>) = 1 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2917] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] newfstatat(AT_FDCWD, "./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2914] <... futex resumed>) = 0 [pid 291] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2914] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2917] <... futex resumed>) = 0 [pid 2914] <... futex resumed>) = 1 [pid 291] <... openat resumed>) = 4 [pid 2920] <... openat resumed>) = 4 [pid 2930] <... openat resumed>) = 4 [pid 2928] <... openat resumed>) = 4 [pid 2917] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2914] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 2917] <... openat resumed>) = 4 [pid 2917] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./85/file2" [pid 2917] <... futex resumed>) = 1 [pid 2914] <... futex resumed>) = 0 [pid 2917] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2914] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2914] <... futex resumed>) = 0 [pid 2917] write(4, "#! \n", 4 [pid 2914] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] ioctl(4, LOOP_SET_FD, 3 [pid 2928] ioctl(4, LOOP_SET_FD, 3 [pid 2920] ioctl(4, LOOP_CLR_FD [pid 2917] <... write resumed>) = 4 [pid 2914] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 2917] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2917] <... futex resumed>) = 0 [pid 2914] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2917] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2914] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2931]}, 88) = 2931 [pid 2914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2914] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2914] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2931 attached [pid 2931] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2931] <... set_robust_list resumed>) = 0 [pid 2931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2931] write(4, "#! \n", 4) = 4 [pid 2931] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2917] <... futex resumed>) = 0 [pid 2914] <... futex resumed>) = 1 [pid 2917] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2914] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2917] <... mmap resumed>) = 0x200000000000 [pid 2917] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2914] <... futex resumed>) = 0 [pid 2931] <... futex resumed>) = 1 [pid 2914] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 63.734023][ T2920] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 291] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./85/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./85") = 0 [pid 291] mkdir("./86", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2931] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2928] <... ioctl resumed>) = 0 [pid 2928] close(3) = 0 [pid 2928] close(4 [pid 2914] <... futex resumed>) = 0 [pid 2914] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2914] <... futex resumed>) = ? [pid 2931] <... futex resumed>) = ? [pid 2931] +++ killed by SIGBUS +++ [pid 2917] +++ killed by SIGBUS +++ [pid 2914] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2914, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2928] <... close resumed>) = 0 [pid 2920] <... ioctl resumed>) = 0 [pid 2928] mkdir("./file2", 0777 [pid 2930] <... ioctl resumed>) = 0 [pid 2928] <... mkdir resumed>) = 0 [pid 2920] close(4 [pid 291] <... openat resumed>) = 3 [pid 2928] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] ioctl(3, LOOP_CLR_FD [pid 2930] close(3) = 0 [ 63.776857][ T2917] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2930] close(4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 2920] <... close resumed>) = 0 [pid 2920] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2920] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... futex resumed>) = 0 [pid 2918] <... futex resumed>) = 1 [pid 2920] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2918] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] <... openat resumed>) = 4 [pid 2920] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2918] <... futex resumed>) = 0 [pid 2920] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2918] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2918] <... futex resumed>) = 0 [pid 2920] write(4, "#! \n", 4 [pid 2918] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... write resumed>) = 4 [pid 2918] <... futex resumed>) = 0 [pid 2920] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2920] <... futex resumed>) = 0 [pid 2918] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2920] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2918] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 2934 attached => {parent_tid=[2934]}, 88) = 2934 [pid 2918] rt_sigprocmask(SIG_SETMASK, [], [pid 2934] set_robust_list(0x7f0aeccae9a0, 24 [pid 2918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2918] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2934] <... set_robust_list resumed>) = 0 [pid 2934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2934] write(4, "#! \n", 4) = 4 [pid 2934] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2918] <... futex resumed>) = 0 [pid 2934] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2918] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... futex resumed>) = 0 [pid 2918] <... futex resumed>) = 1 [pid 2920] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2918] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] <... mmap resumed>) = 0x200000000000 [pid 2920] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2918] <... futex resumed>) = 0 [pid 2920] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2918] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2918] <... futex resumed>) = 0 [pid 2918] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2920] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2934] <... futex resumed>) = ? [pid 2918] <... futex resumed>) = ? [pid 2934] +++ killed by SIGBUS +++ [pid 2920] +++ killed by SIGBUS +++ [pid 2918] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2918, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 2930] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2930] mkdir("./file2", 0777 [pid 290] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2930] <... mkdir resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2930] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./88/file2") = 0 [pid 290] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./88/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./88") = 0 [pid 290] mkdir("./89", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2935 ./strace-static-x86_64: Process 2935 attached [pid 2935] set_robust_list(0x555594a056a0, 24) = 0 [pid 2935] chdir("./89") = 0 [pid 2935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2935] setpgid(0, 0) = 0 [pid 2935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2935] write(3, "1000", 4) = 4 [pid 2935] close(3) = 0 [pid 2935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2935] write(1, "executing program\n", 18) = 18 [pid 2935] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2935] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2935] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2937]}, 88) = 2937 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2936 [pid 2935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2935] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2937 attached [pid 2937] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2937] memfd_create("syzkaller", 0) = 3 [pid 2937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 2936 attached [pid 2936] set_robust_list(0x555594a056a0, 24) = 0 [pid 2936] chdir("./86" [pid 2937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2936] <... chdir resumed>) = 0 [ 63.903275][ T2920] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2937] <... write resumed>) = 524288 [pid 2937] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2937] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2936] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2928] <... mount resumed>) = 0 [pid 2936] <... prctl resumed>) = 0 [pid 2936] setpgid(0, 0) = 0 [pid 2936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2936] write(3, "1000", 4) = 4 executing program [pid 2936] close(3) = 0 [pid 2936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2936] write(1, "executing program\n", 18) = 18 [pid 2936] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2936] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2936] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2942]}, 88) = 2942 [pid 2936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2936] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2928] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2928] chdir("./file2") = 0 [pid 2928] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 2942 attached [pid 2942] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2942] memfd_create("syzkaller", 0) = 3 [pid 2942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2942] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2942] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2930] <... mount resumed>) = 0 [pid 2930] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2930] chdir("./file2") = 0 [pid 2930] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 2930] <... openat resumed>) = 4 [pid 2930] ioctl(4, LOOP_CLR_FD) = 0 [pid 2930] close(4 [pid 2937] <... openat resumed>) = 4 [pid 2937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2928] <... openat resumed>) = 4 [pid 287] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2937] close(3) = 0 [pid 2937] close(4 [pid 2928] ioctl(4, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./90/file2") = 0 [pid 287] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./90/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./90") = 0 [pid 287] mkdir("./91", 0777) = 0 [ 63.961790][ T2928] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 63.963011][ T2930] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2937] <... close resumed>) = 0 [pid 2942] <... openat resumed>) = 4 [pid 2937] mkdir("./file2", 0777 [pid 2930] <... close resumed>) = 0 [pid 2937] <... mkdir resumed>) = 0 [pid 2937] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2928] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2928] close(4 [pid 2942] ioctl(4, LOOP_SET_FD, 3 [pid 2930] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2930] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2926] <... futex resumed>) = 1 [pid 2926] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... ioctl resumed>) = 0 [pid 2928] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2928] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2942] close(3 [pid 2928] <... futex resumed>) = 1 [pid 2925] <... futex resumed>) = 0 [pid 287] close(3 [pid 2928] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2925] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2925] <... futex resumed>) = 0 [pid 2928] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2925] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 2942] <... close resumed>) = 0 [pid 2942] close(4 [pid 2930] <... futex resumed>) = 0 [pid 2928] <... openat resumed>) = 4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2928] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2925] <... futex resumed>) = 0 [pid 2925] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2928] write(4, "#! \n", 4 [pid 2925] <... futex resumed>) = 0 [pid 2930] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2925] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2928] <... write resumed>) = 4 [pid 2925] <... futex resumed>) = 0 [pid 2928] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2928] <... futex resumed>) = 0 [pid 2925] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2928] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2925] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2945 [pid 2930] <... openat resumed>) = 4 [pid 2925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2930] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2930] <... futex resumed>) = 1 [pid 2930] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] <... clone3 resumed> => {parent_tid=[2946]}, 88) = 2946 [pid 2926] <... futex resumed>) = 0 [pid 2925] rt_sigprocmask(SIG_SETMASK, [], [pid 2926] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2926] <... futex resumed>) = 0 [pid 2925] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2925] <... futex resumed>) = 0 [pid 2926] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2925] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2926] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2926] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2930] write(4, "#! \n", 4 [pid 2926] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2930] <... write resumed>) = 4 [pid 2930] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2930] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2945 attached [pid 2926] <... clone3 resumed> => {parent_tid=[2948]}, 88) = 2948 [pid 2926] rt_sigprocmask(SIG_SETMASK, [], [pid 2945] set_robust_list(0x555594a056a0, 24 [pid 2926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2945] <... set_robust_list resumed>) = 0 [pid 2926] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] chdir("./91") = 0 ./strace-static-x86_64: Process 2946 attached [pid 2945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2945] setpgid(0, 0) = 0 [pid 2945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2945] write(3, "1000", 4) = 4 [pid 2945] close(3) = 0 [pid 2945] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 2948 attached ) = 0 executing program [pid 2945] write(1, "executing program\n", 18) = 18 [pid 2945] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2945] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2945] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2948] set_robust_list(0x7f0aeccae9a0, 24 [pid 2945] <... clone3 resumed> => {parent_tid=[2950]}, 88) = 2950 [pid 2945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2945] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2945] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2950 attached [pid 2948] <... set_robust_list resumed>) = 0 [pid 2946] set_robust_list(0x7f0aeccae9a0, 24 [pid 2950] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2950] memfd_create("syzkaller", 0) = 3 [pid 2950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2950] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2950] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2948] write(4, "#! \n", 4) = 4 [pid 2948] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2948] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2946] <... set_robust_list resumed>) = 0 [pid 2946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2946] write(4, "#! \n", 4) = 4 [pid 2946] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2930] <... futex resumed>) = 0 [pid 2926] <... futex resumed>) = 1 [pid 2930] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2926] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2930] <... mmap resumed>) = 0x200000000000 [pid 2930] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2926] <... futex resumed>) = 0 [pid 2937] <... mount resumed>) = 0 [pid 2926] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2925] <... futex resumed>) = 0 [pid 2925] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2928] <... futex resumed>) = 0 [pid 2926] <... futex resumed>) = 0 [pid 2925] <... futex resumed>) = 1 [pid 2928] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2926] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2925] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2928] <... mmap resumed>) = 0x200000000000 [pid 2928] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2925] <... futex resumed>) = 0 [pid 2942] <... close resumed>) = 0 [pid 2937] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2930] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2925] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2942] mkdir("./file2", 0777) = 0 [pid 2942] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2948] <... futex resumed>) = ? [pid 2937] <... openat resumed>) = 3 [pid 2937] chdir("./file2") = 0 [pid 2937] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2950] <... openat resumed>) = 4 [pid 2937] <... openat resumed>) = 4 [pid 2928] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2926] <... futex resumed>) = ? [pid 2925] <... futex resumed>) = 0 [pid 2950] ioctl(4, LOOP_SET_FD, 3 [pid 2925] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2948] +++ killed by SIGBUS +++ [pid 2930] +++ killed by SIGBUS +++ [pid 2926] +++ killed by SIGBUS +++ [pid 2946] <... futex resumed>) = ? [pid 2925] <... futex resumed>) = ? [pid 2937] ioctl(4, LOOP_CLR_FD [pid 2946] +++ killed by SIGBUS +++ [pid 2928] +++ killed by SIGBUS +++ [pid 2925] +++ killed by SIGBUS +++ [pid 2950] <... ioctl resumed>) = 0 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2925, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2926, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2950] close(3 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 2950] <... close resumed>) = 0 [ 64.072369][ T2937] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.080447][ T2930] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 64.088686][ T2928] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2950] close(4 [pid 289] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 289] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", [pid 288] newfstatat(3, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, [pid 288] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2942] <... mount resumed>) = 0 [pid 2942] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2942] chdir("./file2") = 0 [pid 2942] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2950] <... close resumed>) = 0 [pid 2950] mkdir("./file2", 0777 [pid 2937] <... ioctl resumed>) = 0 [pid 2942] <... openat resumed>) = 4 [pid 2950] <... mkdir resumed>) = 0 [pid 2950] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2937] close(4 [ 64.126496][ T2942] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 2942] ioctl(4, LOOP_CLR_FD) = 0 [pid 2937] <... close resumed>) = 0 [pid 2937] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2935] <... futex resumed>) = 0 [pid 2937] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2935] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2937] <... openat resumed>) = 4 [pid 2935] <... futex resumed>) = 0 [pid 2937] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2937] <... futex resumed>) = 0 [pid 2935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2937] write(4, "#! \n", 4 [pid 2935] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2937] <... write resumed>) = 4 [pid 2935] <... futex resumed>) = 0 [pid 2937] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2937] <... futex resumed>) = 0 [pid 2935] <... futex resumed>) = 0 [pid 2937] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2935] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2955]}, 88) = 2955 [pid 2935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2935] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2935] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] close(4) = 0 [pid 2942] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] <... futex resumed>) = 0 [pid 2942] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2955 attached [pid 2955] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2955] write(4, "#! \n", 4) = 4 [pid 2955] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2937] <... futex resumed>) = 0 [pid 2935] <... futex resumed>) = 1 [pid 2937] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2935] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2937] <... mmap resumed>) = 0x200000000000 [pid 2937] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2935] <... futex resumed>) = 0 [pid 2936] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 2942] <... futex resumed>) = 0 [pid 2936] <... futex resumed>) = 1 [pid 2936] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2955] <... futex resumed>) = 1 [pid 2955] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2937] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2942] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2955] <... futex resumed>) = ? [pid 2935] <... futex resumed>) = ? [pid 2955] +++ killed by SIGBUS +++ [pid 2937] +++ killed by SIGBUS +++ [pid 2935] +++ killed by SIGBUS +++ [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2935, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./84/file2", [pid 2942] <... openat resumed>) = 4 [pid 289] newfstatat(AT_FDCWD, "./85/file2", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2942] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2936] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2942] <... futex resumed>) = 1 [pid 2936] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 2936] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2942] write(4, "#! \n", 4 [pid 2936] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 2942] <... write resumed>) = 4 [pid 2936] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 2942] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2942] <... futex resumed>) = 0 [pid 2936] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2936] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 2942] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 2936] <... mprotect resumed>) = 0 [pid 289] getdents64(4, [pid 2936] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2936] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] close(4 [pid 2936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... close resumed>) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] rmdir("./85/file2" [pid 2936] <... clone3 resumed> => {parent_tid=[2957]}, 88) = 2957 [pid 288] close(4 [pid 2936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] <... close resumed>) = 0 [pid 2936] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] rmdir("./84/file2" [pid 2936] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2957 attached [pid 2957] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 2957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2957] write(4, "#! \n", 4) = 4 [pid 2957] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] <... futex resumed>) = 0 [pid 288] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2936] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... rmdir resumed>) = 0 [pid 2936] <... futex resumed>) = 1 [pid 2942] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2936] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2957] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2942] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 288] newfstatat(AT_FDCWD, "./84/binderfs", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2942] <... mmap resumed>) = 0x200000000000 [pid 289] newfstatat(AT_FDCWD, "./85/binderfs", [pid 2942] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./84/binderfs" [pid 2942] <... futex resumed>) = 1 [pid 2936] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2936] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... unlink resumed>) = 0 [pid 289] unlink("./85/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./85") = 0 [pid 289] mkdir("./86", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2958 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./84") = 0 [pid 288] mkdir("./85", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2959 executing program executing program ./strace-static-x86_64: Process 2959 attached ./strace-static-x86_64: Process 2958 attached [pid 2942] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 290] <... restart_syscall resumed>) = 0 [pid 2959] set_robust_list(0x555594a056a0, 24 [pid 2958] set_robust_list(0x555594a056a0, 24 [pid 2959] <... set_robust_list resumed>) = 0 [pid 2958] <... set_robust_list resumed>) = 0 [pid 2959] chdir("./85" [pid 2958] chdir("./86" [pid 290] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2959] <... chdir resumed>) = 0 [pid 2958] <... chdir resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 290] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2959] <... prctl resumed>) = 0 [pid 2958] <... prctl resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 2959] setpgid(0, 0 [pid 2958] setpgid(0, 0 [pid 290] newfstatat(3, "", [pid 2959] <... setpgid resumed>) = 0 [pid 2958] <... setpgid resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] getdents64(3, [pid 2959] <... openat resumed>) = 3 [pid 2958] <... openat resumed>) = 3 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 2959] write(3, "1000", 4 [pid 2958] write(3, "1000", 4 [pid 290] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2959] <... write resumed>) = 4 [pid 2958] <... write resumed>) = 4 [pid 2959] close(3 [pid 2958] close(3 [pid 2959] <... close resumed>) = 0 [pid 2958] <... close resumed>) = 0 [pid 2959] symlink("/dev/binderfs", "./binderfs" [pid 2958] symlink("/dev/binderfs", "./binderfs" [pid 2959] <... symlink resumed>) = 0 [pid 2958] <... symlink resumed>) = 0 [pid 2959] write(1, "executing program\n", 18 [pid 2958] write(1, "executing program\n", 18 [pid 2959] <... write resumed>) = 18 [pid 2958] <... write resumed>) = 18 [pid 2959] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2958] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2959] <... futex resumed>) = 0 [pid 2958] <... futex resumed>) = 0 [pid 2959] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2958] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 2959] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2958] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2959] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2958] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2959] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2958] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2959] <... mprotect resumed>) = 0 [pid 2958] <... mprotect resumed>) = 0 [pid 2959] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2958] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2959] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2958] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2959] <... clone3 resumed> => {parent_tid=[2961]}, 88) = 2961 [pid 2958] <... clone3 resumed> => {parent_tid=[2962]}, 88) = 2962 [pid 2959] rt_sigprocmask(SIG_SETMASK, [], [pid 2958] rt_sigprocmask(SIG_SETMASK, [], [pid 2959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2959] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2959] <... futex resumed>) = 0 [pid 2958] <... futex resumed>) = 0 [pid 2959] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2936] <... futex resumed>) = ? ./strace-static-x86_64: Process 2961 attached [pid 2961] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2961] memfd_create("syzkaller", 0) = 3 [pid 2961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2961] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2961] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2961] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2962 attached [ 64.291730][ T2937] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 64.315585][ T2942] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2962] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2962] memfd_create("syzkaller", 0 [pid 2957] <... futex resumed>) = ? [pid 2950] <... mount resumed>) = 0 [pid 2942] +++ killed by SIGBUS +++ [pid 2950] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2957] +++ killed by SIGBUS +++ [pid 2936] +++ killed by SIGBUS +++ [pid 2950] chdir("./file2" [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2936, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 2950] <... chdir resumed>) = 0 [pid 2950] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2961] <... ioctl resumed>) = 0 [pid 2961] close(3 [pid 2962] <... memfd_create resumed>) = 3 [pid 2961] <... close resumed>) = 0 [pid 2961] close(4 [pid 2962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2962] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2962] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2962] <... openat resumed>) = 4 [pid 2962] ioctl(4, LOOP_SET_FD, 3 [pid 2950] <... openat resumed>) = 4 [ 64.329727][ T2950] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 2950] ioctl(4, LOOP_CLR_FD [pid 2961] <... close resumed>) = 0 [pid 2950] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 2950] close(4 [pid 2961] mkdir("./file2", 0777) = 0 [pid 2950] <... close resumed>) = 0 [pid 291] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2950] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2950] <... futex resumed>) = 1 [pid 2945] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2950] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2945] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./89/file2", [pid 2945] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2945] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2950] <... openat resumed>) = 4 [pid 291] newfstatat(AT_FDCWD, "./86/file2", [pid 290] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2962] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2962] close(3) = 0 [pid 2962] close(4 [pid 290] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2950] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 4 [pid 2950] <... futex resumed>) = 1 [pid 2945] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2950] write(4, "#! \n", 4 [pid 2945] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 2945] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2945] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] getdents64(4, [pid 2945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2950] <... write resumed>) = 4 [pid 2950] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2945] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2950] <... futex resumed>) = 0 [pid 2945] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] getdents64(4, [pid 2945] <... mprotect resumed>) = 0 [pid 2950] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 2945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] close(4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./86/file2") = 0 [pid 291] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./86/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./86") = 0 [pid 291] mkdir("./87", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2967]}, 88) = 2967 [pid 2945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2945] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2945] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./89/file2") = 0 [pid 290] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./89/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./89") = 0 [pid 290] mkdir("./90", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 2967 attached [pid 2967] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2967] write(4, "#! \n", 4) = 4 [pid 2967] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2945] <... futex resumed>) = 0 [pid 2945] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2967] <... futex resumed>) = 1 [pid 2967] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2950] <... futex resumed>) = 0 [pid 2950] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 2950] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2945] <... futex resumed>) = 0 [pid 2950] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2945] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2945] <... futex resumed>) = 0 [pid 2961] <... mount resumed>) = 0 [pid 2961] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2961] chdir("./file2") = 0 [pid 2961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2945] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2967] <... futex resumed>) = ? [pid 2945] <... futex resumed>) = ? [pid 2967] +++ killed by SIGBUS +++ [pid 2950] +++ killed by SIGBUS +++ [pid 2945] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2945, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2962] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 2962] mkdir("./file2", 0777 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 2962] <... mkdir resumed>) = 0 [pid 2962] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.420260][ T2961] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.431615][ T2950] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(3 [pid 290] close(3 [pid 287] close(4 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] rmdir("./91/file2") = 0 [pid 287] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2968 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 2969 [pid 287] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./91/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./91") = 0 [pid 287] mkdir("./92", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2970 ./strace-static-x86_64: Process 2969 attached [pid 2969] set_robust_list(0x555594a056a0, 24) = 0 [pid 2969] chdir("./87") = 0 [pid 2969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2969] setpgid(0, 0) = 0 [pid 2969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2969] write(3, "1000", 4) = 4 [pid 2969] close(3) = 0 [pid 2969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2969] write(1, "executing program\n", 18executing program ) = 18 [pid 2969] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2969] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2969] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2972]}, 88) = 2972 [pid 2969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2969] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2969] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2972 attached [pid 2972] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2972] memfd_create("syzkaller", 0) = 3 [pid 2972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2961] <... openat resumed>) = 4 [pid 2961] ioctl(4, LOOP_CLR_FD [pid 2972] <... write resumed>) = 524288 [pid 2972] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2972] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2972] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2968 attached [pid 2968] set_robust_list(0x555594a056a0, 24) = 0 [pid 2968] chdir("./90") = 0 [pid 2968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2968] setpgid(0, 0./strace-static-x86_64: Process 2970 attached executing program [pid 2970] set_robust_list(0x555594a056a0, 24 [pid 2968] <... setpgid resumed>) = 0 [pid 2970] <... set_robust_list resumed>) = 0 [pid 2970] chdir("./92") = 0 [pid 2970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2970] setpgid(0, 0) = 0 [pid 2970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2970] write(3, "1000", 4) = 4 [pid 2970] close(3) = 0 [pid 2970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2970] write(1, "executing program\n", 18) = 18 [pid 2970] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2970] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2970] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2975]}, 88) = 2975 [pid 2970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2970] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2970] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2975 attached [pid 2975] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 2975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2975] memfd_create("syzkaller", 0) = 3 [pid 2975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2975] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2961] <... ioctl resumed>) = 0 [pid 2961] close(4) = 0 [pid 2961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2959] <... futex resumed>) = 0 [pid 2961] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2959] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2959] <... futex resumed>) = 0 [pid 2961] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2959] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] <... openat resumed>) = 4 [pid 2961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2959] <... futex resumed>) = 0 [pid 2961] write(4, "#! \n", 4 [pid 2959] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] <... write resumed>) = 4 [pid 2959] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2959] <... futex resumed>) = 0 [pid 2961] <... futex resumed>) = 0 [pid 2959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2961] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2959] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2959] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2959] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2962] <... mount resumed>) = 0 [pid 2959] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2975] <... openat resumed>) = 4 [pid 2972] <... ioctl resumed>) = 0 [pid 2968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2962] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2975] close(3) = 0 [pid 2975] close(4 [pid 2972] close(3) = 0 [pid 2972] close(4 [pid 2968] <... openat resumed>) = 3 [pid 2968] write(3, "1000", 4) = 4 [pid 2968] close(3) = 0 [pid 2968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2968] write(1, "executing program\n", 18executing program ) = 18 [pid 2968] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2968] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 2977 attached [pid 2962] <... openat resumed>) = 3 [pid 2959] <... clone3 resumed> => {parent_tid=[2977]}, 88) = 2977 [pid 2968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2959] rt_sigprocmask(SIG_SETMASK, [], [pid 2962] chdir("./file2" [pid 2959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2959] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2962] <... chdir resumed>) = 0 [pid 2959] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2977] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2977] write(4, "#! \n", 4) = 4 [pid 2977] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2959] <... futex resumed>) = 0 [pid 2959] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2959] <... futex resumed>) = 1 [pid 2961] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2959] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] <... mmap resumed>) = 0x200000000000 [pid 2961] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2959] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2978 attached [pid 2977] <... futex resumed>) = 1 [pid 2959] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... clone3 resumed> => {parent_tid=[2978]}, 88) = 2978 [pid 2968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2968] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2978] set_robust_list(0x7f0aecccf9a0, 24 [pid 2977] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2978] <... set_robust_list resumed>) = 0 [pid 2978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2978] memfd_create("syzkaller", 0) = 3 [pid 2978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2978] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2978] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2959] <... futex resumed>) = 0 [pid 2959] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2961] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2975] <... close resumed>) = 0 [pid 2972] <... close resumed>) = 0 [pid 2962] <... openat resumed>) = 4 [pid 2977] <... futex resumed>) = ? [pid 2975] mkdir("./file2", 0777 [pid 2972] mkdir("./file2", 0777 [pid 2962] ioctl(4, LOOP_CLR_FD [pid 2959] <... futex resumed>) = ? [pid 2975] <... mkdir resumed>) = 0 [pid 2972] <... mkdir resumed>) = 0 [pid 2975] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2977] +++ killed by SIGBUS +++ [pid 2972] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2961] +++ killed by SIGBUS +++ [pid 2959] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2959, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2978] <... openat resumed>) = 4 [ 64.522380][ T2962] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.551043][ T2961] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2978] ioctl(4, LOOP_SET_FD, 3 [pid 2962] <... ioctl resumed>) = 0 [pid 2962] close(4 [pid 2978] <... ioctl resumed>) = 0 [pid 2962] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 2978] close(3 [pid 2962] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2978] <... close resumed>) = 0 [pid 2962] <... futex resumed>) = 1 [pid 2978] close(4 [pid 2962] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2958] <... futex resumed>) = 0 [pid 288] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2962] <... futex resumed>) = 0 [pid 2958] <... futex resumed>) = 1 [pid 288] newfstatat(AT_FDCWD, "./85/file2", [pid 2962] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2962] <... openat resumed>) = 4 [pid 2962] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2962] <... futex resumed>) = 1 [pid 2958] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2962] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2958] <... futex resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 2962] write(4, "#! \n", 4 [pid 2958] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2962] <... write resumed>) = 4 [pid 2958] <... futex resumed>) = 0 [pid 2962] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./85/file2") = 0 [pid 288] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./85/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./85") = 0 [pid 288] mkdir("./86", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2962] <... futex resumed>) = 0 [pid 2962] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2958] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2958] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2984]}, 88) = 2984 [pid 2958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2958] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2958] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2984 attached [pid 2972] <... mount resumed>) = 0 [pid 2984] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2984] write(4, "#! \n", 4) = 4 [pid 2984] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2958] <... futex resumed>) = 0 [pid 2984] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2962] <... futex resumed>) = 0 [pid 2958] <... futex resumed>) = 1 [pid 2962] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... mmap resumed>) = 0x200000000000 [pid 2962] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2958] <... futex resumed>) = 0 [pid 2962] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2958] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2958] <... futex resumed>) = 0 [pid 2975] <... mount resumed>) = 0 [pid 2972] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2972] <... openat resumed>) = 3 [pid 2972] chdir("./file2") = 0 [pid 2975] chdir("./file2" [pid 2972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2975] <... chdir resumed>) = 0 [pid 2975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2958] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] <... close resumed>) = 0 [pid 2978] mkdir("./file2", 0777) = 0 [pid 2978] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 2962] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2958] <... futex resumed>) = ? [pid 2972] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 3 [pid 2972] ioctl(4, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 2972] <... ioctl resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2972] close(4 [pid 288] close(3 [pid 2972] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 2984] <... futex resumed>) = 0 [pid 2972] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2972] <... futex resumed>) = 1 [pid 2969] <... futex resumed>) = 0 [pid 2972] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2969] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 2987 [pid 2969] <... futex resumed>) = 0 [pid 2969] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... openat resumed>) = 4 [pid 2972] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2969] <... futex resumed>) = 0 [pid 2972] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2969] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2972] write(4, "#! \n", 4 [pid 2969] <... futex resumed>) = 0 [pid 2972] <... write resumed>) = 4 [pid 2969] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2969] <... futex resumed>) = 0 [pid 2972] <... futex resumed>) = 0 [pid 2969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2972] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2969] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2984] +++ killed by SIGBUS +++ [pid 2969] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 64.680488][ T2972] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.687725][ T2975] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.696005][ T2962] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2975] <... openat resumed>) = 4 [pid 2969] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 2987 attached [], 8) = 0 [pid 2978] <... mount resumed>) = 0 [pid 2962] +++ killed by SIGBUS +++ [pid 2958] +++ killed by SIGBUS +++ [pid 2975] ioctl(4, LOOP_CLR_FD) = 0 [pid 2975] close(4) = 0 [pid 2975] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2970] <... futex resumed>) = 0 [pid 2975] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2970] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2975] <... openat resumed>) = 4 [pid 2970] <... futex resumed>) = 0 [pid 2969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2958, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 2975] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... futex resumed>) = 0 [pid 2970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2975] write(4, "#! \n", 4 [pid 2970] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2975] <... write resumed>) = 4 [pid 2970] <... futex resumed>) = 0 [pid 2975] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2969] <... clone3 resumed> => {parent_tid=[2988]}, 88) = 2988 [pid 2975] <... futex resumed>) = 0 [pid 2970] <... futex resumed>) = 0 [pid 2975] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2970] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 2969] rt_sigprocmask(SIG_SETMASK, [], [pid 289] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2970] <... clone3 resumed> => {parent_tid=[2989]}, 88) = 2989 [pid 2970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2970] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2970] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2988 attached [pid 2988] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2988] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2989 attached [pid 2989] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2989] write(4, "#! \n", 4) = 4 [pid 2989] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] <... futex resumed>) = 0 [pid 2970] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2975] <... futex resumed>) = 0 [pid 2970] <... futex resumed>) = 1 [pid 2975] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2970] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... mmap resumed>) = 0x200000000000 [pid 2969] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2969] <... futex resumed>) = 1 [pid 2975] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2969] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2975] <... futex resumed>) = 1 [pid 2970] <... futex resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 2989] <... futex resumed>) = 1 [pid 2988] <... futex resumed>) = 0 [pid 2987] set_robust_list(0x555594a056a0, 24 [pid 2978] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 2970] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2988] write(4, "#! \n", 4) = 4 [pid 2988] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2969] <... futex resumed>) = 0 [pid 2969] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] <... futex resumed>) = 0 [pid 2969] <... futex resumed>) = 1 [pid 2972] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2969] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... mmap resumed>) = 0x200000000000 [pid 2972] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2969] <... futex resumed>) = 0 [pid 2989] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2988] <... futex resumed>) = 1 [pid 2987] <... set_robust_list resumed>) = 0 [pid 2978] <... openat resumed>) = 3 [pid 2975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2970] <... futex resumed>) = 0 [pid 2969] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2988] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] chdir("./86") = 0 [pid 2987] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2978] chdir("./file2" [pid 2987] <... prctl resumed>) = 0 [pid 2978] <... chdir resumed>) = 0 [pid 2987] setpgid(0, 0 [pid 2978] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2987] <... setpgid resumed>) = 0 [pid 2978] <... openat resumed>) = 4 [pid 2987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2978] ioctl(4, LOOP_CLR_FD) = 0 [pid 2978] close(4) = 0 [pid 2987] <... openat resumed>) = 3 [pid 2978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2968] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] <... futex resumed>) = 1 [pid 2978] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2969] <... futex resumed>) = 0 [pid 2969] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] write(3, "1000", 4) = 4 [pid 2987] close(3) = 0 [pid 2987] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 2987] write(1, "executing program\n", 18) = 18 [pid 2987] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2978] <... openat resumed>) = 4 [pid 2987] <... futex resumed>) = 0 [pid 2987] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2987] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2987] <... mmap resumed>) = 0x7f0aeccaf000 [pid 2968] <... futex resumed>) = 0 [pid 2968] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 2968] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[2990]}, 88) = 2990 [pid 2968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2968] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2968] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] <... futex resumed>) = 1 [pid 2987] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 2978] write(4, "#! \n", 4 [pid 2987] <... mprotect resumed>) = 0 [pid 2978] <... write resumed>) = 4 [pid 2987] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2978] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2970] <... futex resumed>) = ? [pid 2989] <... futex resumed>) = ? [pid 2989] +++ killed by SIGBUS +++ [pid 2987] <... clone3 resumed> => {parent_tid=[2991]}, 88) = 2991 [pid 2975] +++ killed by SIGBUS +++ [pid 2970] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2970, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2990 attached [pid 2990] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 2990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 2991 attached [pid 2972] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2990] write(4, "#! \n", 4) = 4 [ 64.729522][ T2978] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 64.748196][ T2975] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 64.756444][ T2972] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2990] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2968] <... futex resumed>) = 0 [pid 2988] <... futex resumed>) = ? [pid 2969] <... futex resumed>) = ? [pid 2968] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2978] <... futex resumed>) = 0 [pid 2968] <... futex resumed>) = 1 [pid 2978] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2968] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2978] <... mmap resumed>) = 0x200000000000 [pid 2978] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2968] <... futex resumed>) = 0 [pid 2991] set_robust_list(0x7f0aecccf9a0, 24 [pid 2990] <... futex resumed>) = 1 [pid 2968] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... set_robust_list resumed>) = 0 [pid 2991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2991] memfd_create("syzkaller", 0) = 3 [pid 2991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2990] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2991] <... write resumed>) = 524288 [pid 2991] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2991] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2991] ioctl(4, LOOP_SET_FD, 3 [pid 2988] +++ killed by SIGBUS +++ [pid 287] <... restart_syscall resumed>) = 0 [pid 2968] <... futex resumed>) = 0 [pid 2991] <... ioctl resumed>) = 0 [pid 2978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2968] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] +++ killed by SIGBUS +++ [pid 2969] +++ killed by SIGBUS +++ [pid 287] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2969, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 287] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2968] <... futex resumed>) = ? [pid 2991] close(3) = 0 [pid 2990] <... futex resumed>) = ? [pid 2990] +++ killed by SIGBUS +++ [pid 2991] close(4 [pid 2978] +++ killed by SIGBUS +++ [pid 2968] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2968, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 64.780593][ T2978] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 287] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2991] <... close resumed>) = 0 [pid 289] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./92/file2") = 0 [pid 287] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2991] mkdir("./file2", 0777 [pid 289] newfstatat(AT_FDCWD, "./86/file2", [pid 287] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./92/binderfs") = 0 [pid 287] getdents64(3, [pid 2991] <... mkdir resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 2991] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] close(3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./92" [pid 289] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... rmdir resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 287] mkdir("./93", 0777 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 289] getdents64(4, [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./86/file2") = 0 [pid 289] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./86/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./86") = 0 [pid 289] mkdir("./87", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 291] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] newfstatat(AT_FDCWD, "./87/file2", [pid 290] newfstatat(AT_FDCWD, "./90/file2", [pid 289] close(3 [pid 287] close(3 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./87/file2") = 0 [pid 291] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./87/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./87") = 0 [pid 291] mkdir("./88", 0777) = 0 [pid 287] <... close resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 2994 ./strace-static-x86_64: Process 2994 attached [pid 2994] set_robust_list(0x555594a056a0, 24) = 0 [pid 2994] chdir("./88") = 0 [pid 2994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2994] setpgid(0, 0) = 0 [pid 2994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2994] write(3, "1000", 4) = 4 [pid 2994] close(3) = 0 [pid 2994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2994] write(1, "executing program\n", 18executing program ) = 18 [pid 2994] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2994] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2994] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[2996]}, 88) = 2996 [pid 2994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2994] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2994] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2996 attached [pid 2996] set_robust_list(0x7f0aecccf9a0, 24 [pid 290] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2996] <... set_robust_list resumed>) = 0 [pid 2996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 2997 [pid 290] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2996] memfd_create("syzkaller", 0 [pid 290] <... openat resumed>) = 4 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 2998 [pid 2996] <... memfd_create resumed>) = 3 [pid 2996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 2996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 2997 attached [pid 2997] set_robust_list(0x555594a056a0, 24) = 0 [pid 2997] chdir("./93") = 0 [pid 2997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2997] setpgid(0, 0) = 0 [pid 2997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2997] write(3, "1000", 4) = 4 [pid 2997] close(3) = 0 [pid 2997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4executing program [pid 2997] write(1, "executing program\n", 18 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./90/file2" [pid 2997] <... write resumed>) = 18 [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 290] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./90/binderfs" [pid 2997] <... futex resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./90" [pid 2997] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 290] mkdir("./91", 0777 [pid 2997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2997] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 2999 [pid 2997] <... mprotect resumed>) = 0 [pid 2997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 2996] <... write resumed>) = 524288 [pid 2997] <... clone3 resumed> => {parent_tid=[3000]}, 88) = 3000 [pid 2997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2996] munmap(0x7f0ae48af000, 138412032) = 0 [pid 2996] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2996] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3000 attached [pid 3000] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3000] memfd_create("syzkaller", 0./strace-static-x86_64: Process 2998 attached ) = 3 ./strace-static-x86_64: Process 2999 attached [pid 2998] set_robust_list(0x555594a056a0, 24 [pid 2999] set_robust_list(0x555594a056a0, 24 [pid 2998] <... set_robust_list resumed>) = 0 [pid 3000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2999] <... set_robust_list resumed>) = 0 [pid 2998] chdir("./87" [pid 3000] <... mmap resumed>) = 0x7f0ae48af000 [pid 2999] chdir("./91" [pid 2998] <... chdir resumed>) = 0 [pid 2996] <... ioctl resumed>) = 0 [pid 2996] close(3) = 0 [pid 2996] close(4 [pid 2991] <... mount resumed>) = 0 [pid 2991] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2998] setpgid(0, 0) = 0 [pid 2998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2998] write(3, "1000", 4) = 4 [pid 3000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2991] chdir("./file2" [pid 2999] <... chdir resumed>) = 0 [pid 2998] close(3 [pid 2999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2991] <... chdir resumed>) = 0 [pid 2999] <... prctl resumed>) = 0 [pid 2999] setpgid(0, 0 [pid 2998] <... close resumed>) = 0 [pid 2999] <... setpgid resumed>) = 0 [pid 2991] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2998] symlink("/dev/binderfs", "./binderfs" [pid 2999] <... openat resumed>) = 3 [pid 2998] <... symlink resumed>) = 0 [pid 2999] write(3, "1000", 4executing program ) = 4 [pid 2998] write(1, "executing program\n", 18) = 18 [pid 2998] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] close(3 [pid 2998] <... futex resumed>) = 0 [pid 2998] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2998] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2998] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2999] <... close resumed>) = 0 [pid 2999] symlink("/dev/binderfs", "./binderfs" [pid 2998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2999] <... symlink resumed>) = 0 [pid 2998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}executing program [pid 2999] write(1, "executing program\n", 18) = 18 [pid 2998] <... clone3 resumed> => {parent_tid=[3002]}, 88) = 3002 [pid 2999] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2998] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2999] <... futex resumed>) = 0 [pid 2999] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 2999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 2999] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3003]}, 88) = 3003 [pid 2999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2999] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2999] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3003 attached ./strace-static-x86_64: Process 3002 attached [pid 3002] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3003] set_robust_list(0x7f0aecccf9a0, 24 [pid 3002] rt_sigprocmask(SIG_SETMASK, [], [pid 3000] <... write resumed>) = 524288 [pid 3000] munmap(0x7f0ae48af000, 138412032 [pid 3002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3003] <... set_robust_list resumed>) = 0 [pid 3000] <... munmap resumed>) = 0 [pid 3000] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3003] rt_sigprocmask(SIG_SETMASK, [], [pid 3002] memfd_create("syzkaller", 0 [pid 3003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3002] <... memfd_create resumed>) = 3 [pid 3002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3003] memfd_create("syzkaller", 0 [pid 3002] <... mmap resumed>) = 0x7f0ae48af000 [pid 3003] <... memfd_create resumed>) = 3 [pid 3003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3003] <... mmap resumed>) = 0x7f0ae48af000 [pid 3002] <... write resumed>) = 524288 [pid 3002] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3003] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2996] <... close resumed>) = 0 [pid 2991] <... openat resumed>) = 4 [pid 2996] mkdir("./file2", 0777 [pid 2991] ioctl(4, LOOP_CLR_FD [pid 2996] <... mkdir resumed>) = 0 [ 65.029764][ T2991] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 2996] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3003] <... openat resumed>) = 4 [pid 3002] <... openat resumed>) = 4 [pid 3000] <... openat resumed>) = 4 [pid 2991] <... ioctl resumed>) = 0 [pid 3003] ioctl(4, LOOP_SET_FD, 3 [pid 3002] ioctl(4, LOOP_SET_FD, 3 [pid 3000] ioctl(4, LOOP_SET_FD, 3 [pid 2991] close(4) = 0 [pid 3003] <... ioctl resumed>) = 0 [pid 2991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3003] close(3 [pid 2991] <... futex resumed>) = 1 [pid 2987] <... futex resumed>) = 0 [pid 3003] <... close resumed>) = 0 [pid 3002] <... ioctl resumed>) = 0 [pid 3000] <... ioctl resumed>) = 0 [pid 2991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3003] close(4 [pid 3002] close(3 [pid 3000] close(3 [pid 2991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2987] <... futex resumed>) = 0 [pid 3002] <... close resumed>) = 0 [pid 3000] <... close resumed>) = 0 [pid 2991] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3002] close(4 [pid 3000] close(4 [pid 2991] <... openat resumed>) = 4 [pid 2991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2987] <... futex resumed>) = 0 [pid 2991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2987] <... futex resumed>) = 0 [pid 2991] write(4, "#! \n", 4 [pid 2987] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... write resumed>) = 4 [pid 2987] <... futex resumed>) = 0 [pid 2991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2991] <... futex resumed>) = 0 [pid 2987] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3008 attached => {parent_tid=[3008]}, 88) = 3008 [pid 3008] set_robust_list(0x7f0aeccae9a0, 24 [pid 2987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2987] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2987] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3008] <... set_robust_list resumed>) = 0 [pid 3008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3008] write(4, "#! \n", 4) = 4 [pid 3008] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2987] <... futex resumed>) = 0 [pid 3008] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2987] <... futex resumed>) = 1 [pid 2991] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2991] <... mmap resumed>) = 0x200000000000 [pid 2991] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2987] <... futex resumed>) = 0 [pid 2991] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2987] <... futex resumed>) = 0 [pid 2991] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2987] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3003] <... close resumed>) = 0 [pid 3003] mkdir("./file2", 0777 [pid 3008] <... futex resumed>) = ? [pid 2987] <... futex resumed>) = ? [pid 3003] <... mkdir resumed>) = 0 [pid 3003] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3008] +++ killed by SIGBUS +++ [pid 2996] <... mount resumed>) = 0 [pid 2996] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 2991] +++ killed by SIGBUS +++ [pid 2996] chdir("./file2" [pid 2987] +++ killed by SIGBUS +++ [pid 2996] <... chdir resumed>) = 0 [pid 2996] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2987, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3002] <... close resumed>) = 0 [pid 3002] mkdir("./file2", 0777) = 0 [ 65.147861][ T2991] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.148586][ T2996] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3002] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3000] <... close resumed>) = 0 [pid 3000] mkdir("./file2", 0777 [pid 2996] <... openat resumed>) = 4 [pid 2996] ioctl(4, LOOP_CLR_FD [pid 3000] <... mkdir resumed>) = 0 [pid 3000] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3003] <... mount resumed>) = 0 [pid 3003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3003] chdir("./file2") = 0 [pid 3003] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2996] <... ioctl resumed>) = 0 [pid 3003] <... openat resumed>) = 4 [pid 2996] close(4 [pid 288] <... umount2 resumed>) = 0 [pid 2996] <... close resumed>) = 0 [pid 2996] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2996] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2994] <... futex resumed>) = 0 [pid 2994] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2996] <... futex resumed>) = 0 [pid 2994] <... futex resumed>) = 1 [pid 2996] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2994] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3003] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2996] <... openat resumed>) = 4 [pid 3003] <... ioctl resumed>) = 0 [pid 2996] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./86/file2", [pid 2996] <... futex resumed>) = 1 [pid 2994] <... futex resumed>) = 0 [pid 2994] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2996] write(4, "#! \n", 4 [pid 2994] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2996] <... write resumed>) = 4 [pid 2994] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3003] close(4 [pid 2996] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... openat resumed>) = 4 [pid 2996] <... futex resumed>) = 0 [pid 2994] <... mmap resumed>) = 0x7f0aecc8e000 [pid 288] newfstatat(4, "", [pid 3003] <... close resumed>) = 0 [pid 2996] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2994] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2994] <... mprotect resumed>) = 0 [pid 288] getdents64(4, [pid 3003] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 2994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3003] <... futex resumed>) = 1 [pid 2999] <... futex resumed>) = 0 [pid 2994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] getdents64(4, [pid 2999] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2999] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2994] <... clone3 resumed> => {parent_tid=[3016]}, 88) = 3016 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 2994] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... close resumed>) = 0 [pid 2994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] rmdir("./86/file2" [pid 2994] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... rmdir resumed>) = 0 [pid 2994] <... futex resumed>) = 0 [pid 288] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2994] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./86/binderfs", [pid 3003] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 3016 attached [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./86/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 3016] set_robust_list(0x7f0aeccae9a0, 24 [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./86") = 0 [pid 3003] <... openat resumed>) = 4 [pid 288] mkdir("./87", 0777) = 0 [pid 3003] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3016] <... set_robust_list resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 3003] <... futex resumed>) = 1 [pid 3003] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3016] write(4, "#! \n", 4) = 4 [pid 3016] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3016] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3018 [pid 2999] <... futex resumed>) = 0 [pid 2994] <... futex resumed>) = 0 [pid 2999] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2994] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] <... futex resumed>) = 1 [pid 2996] <... futex resumed>) = 0 [pid 2994] <... futex resumed>) = 1 [pid 3003] <... futex resumed>) = 0 [pid 2999] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2996] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2994] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3000] <... mount resumed>) = 0 [pid 3000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3000] chdir("./file2") = 0 [pid 3000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.268581][ T3003] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 65.302833][ T3000] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3000] ioctl(4, LOOP_CLR_FD) = 0 [pid 3000] close(4) = 0 [pid 3000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3018 attached [pid 3018] set_robust_list(0x555594a056a0, 24) = 0 [pid 3018] chdir("./87") = 0 [pid 3018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3018] setpgid(0, 0) = 0 [pid 3018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3018] write(3, "1000", 4) = 4 [pid 3018] close(3) = 0 [pid 3018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3018] write(1, "executing program\n", 18executing program ) = 18 [pid 3018] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3018] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3019]}, 88) = 3019 [pid 3018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3018] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3019 attached [pid 3019] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3019] memfd_create("syzkaller", 0) = 3 [pid 2997] <... futex resumed>) = 0 [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3003] write(4, "#! \n", 4 [pid 3000] <... futex resumed>) = 0 [pid 2999] <... futex resumed>) = 0 [pid 2997] <... futex resumed>) = 1 [pid 2996] <... mmap resumed>) = 0x200000000000 [pid 3000] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3003] <... write resumed>) = 4 [pid 3019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3003] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... openat resumed>) = 4 [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2996] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3003] <... futex resumed>) = 0 [pid 3000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2996] <... futex resumed>) = 1 [pid 2994] <... futex resumed>) = 0 [pid 3003] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3000] <... futex resumed>) = 0 [pid 2999] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3019] <... mmap resumed>) = 0x7f0ae48af000 [pid 2994] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] <... mprotect resumed>) = 0 [pid 3019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3019] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3019] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3019] ioctl(4, LOOP_SET_FD, 3 [pid 3002] <... mount resumed>) = 0 [pid 3002] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3002] chdir("./file2") = 0 [pid 3002] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3000] write(4, "#! \n", 4) = 4 [pid 3000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3000] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2994] <... futex resumed>) = 0 [pid 2994] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2997] <... futex resumed>) = 1 [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3000] <... futex resumed>) = 0 [pid 3000] write(4, "#! \n", 4) = 4 [pid 3000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2997] <... futex resumed>) = 0 [pid 3000] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3000] <... mmap resumed>) = 0x200000000000 [pid 2997] <... futex resumed>) = 0 [pid 3000] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3000] <... futex resumed>) = 0 [pid 2997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2997] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2996] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3021]}, 88) = 3021 [pid 2999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2999] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2999] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3016] <... futex resumed>) = ? [pid 2994] <... futex resumed>) = ? [pid 3016] +++ killed by SIGBUS +++ [pid 2996] +++ killed by SIGBUS +++ [pid 2994] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2994, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3021 attached [pid 3021] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3021] write(4, "#! \n", 4) = 4 [pid 3021] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] <... futex resumed>) = 0 [pid 2999] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2999] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3003] <... futex resumed>) = 0 [pid 3003] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3003] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2999] <... futex resumed>) = 0 [pid 2999] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.317695][ T3002] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 65.335660][ T2996] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.342747][ T3000] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 2999] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3021] <... futex resumed>) = 1 [pid 3019] <... ioctl resumed>) = 0 [pid 3002] <... openat resumed>) = 4 [pid 3000] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 2997] <... futex resumed>) = 0 [pid 3019] close(3 [pid 3002] ioctl(4, LOOP_CLR_FD [pid 2997] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] <... close resumed>) = 0 [pid 3002] <... ioctl resumed>) = 0 [pid 3019] close(4 [pid 3002] close(4) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 3002] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3002] <... futex resumed>) = 1 [pid 2998] <... futex resumed>) = 0 [pid 3002] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 2998] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3021] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3003] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3002] <... openat resumed>) = 4 [pid 2998] <... futex resumed>) = 0 [pid 2997] <... futex resumed>) = ? [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3021] <... futex resumed>) = ? [pid 3002] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2999] <... futex resumed>) = ? [pid 2998] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3021] +++ killed by SIGBUS +++ [pid 3002] <... futex resumed>) = 0 [pid 2998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3002] write(4, "#! \n", 4 [pid 2998] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3002] <... write resumed>) = 4 [pid 2998] <... futex resumed>) = 0 [pid 3002] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3002] <... futex resumed>) = 0 [pid 2998] <... futex resumed>) = 0 [pid 3002] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3003] +++ killed by SIGBUS +++ [pid 2999] +++ killed by SIGBUS +++ [pid 2998] <... mmap resumed>) = 0x7f0aecc8e000 [pid 2998] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2999, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3000] +++ killed by SIGBUS +++ [pid 2997] +++ killed by SIGBUS +++ [pid 2998] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2997, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2998] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3022]}, 88) = 3022 ./strace-static-x86_64: Process 3022 attached [pid 2998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2998] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2998] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3022] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3022] write(4, "#! \n", 4) = 4 [pid 3022] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2998] <... futex resumed>) = 0 [pid 2998] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3002] <... futex resumed>) = 0 [pid 2998] <... futex resumed>) = 1 [pid 3002] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 2998] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3002] <... mmap resumed>) = 0x200000000000 [pid 3002] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2998] <... futex resumed>) = 0 [pid 3002] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2998] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2998] <... futex resumed>) = 0 [pid 3022] <... futex resumed>) = 1 [pid 3022] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2998] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 3002] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3022] <... futex resumed>) = ? [pid 2998] <... futex resumed>) = ? [pid 290] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3022] +++ killed by SIGBUS +++ [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3002] +++ killed by SIGBUS +++ [pid 2998] +++ killed by SIGBUS +++ [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=2998, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] newfstatat(3, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3019] <... close resumed>) = 0 [pid 3019] mkdir("./file2", 0777) = 0 [ 65.362979][ T3003] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.386658][ T3002] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3019] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./88/file2") = 0 [pid 291] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./88/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./88") = 0 [pid 291] mkdir("./89", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./91/file2", [pid 287] newfstatat(AT_FDCWD, "./93/file2", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... umount2 resumed>) = 0 [pid 287] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 290] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4 [pid 287] close(4 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] rmdir("./91/file2" [pid 287] rmdir("./93/file2" [pid 290] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./91/binderfs", [pid 287] newfstatat(AT_FDCWD, "./93/binderfs", [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./91/binderfs" [pid 287] unlink("./93/binderfs" [pid 290] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3 [pid 287] close(3 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 290] rmdir("./91" [pid 287] rmdir("./93" [pid 290] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 290] mkdir("./92", 0777 [pid 287] mkdir("./94", 0777 [pid 290] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] close(3 [pid 287] close(3 [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] close(3 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3023 [pid 289] newfstatat(AT_FDCWD, "./87/file2", [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3024 [pid 291] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3024 attached [pid 3024] set_robust_list(0x555594a056a0, 24) = 0 [pid 3024] chdir("./94" [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3026 [pid 289] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3024] <... chdir resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 3024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] newfstatat(4, "", [pid 3024] <... prctl resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3024] setpgid(0, 0 [pid 289] getdents64(4, [pid 3024] <... setpgid resumed>) = 0 [pid 3024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3024] <... openat resumed>) = 3 [pid 289] getdents64(4, [pid 3024] write(3, "1000", 4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3024] <... write resumed>) = 4 [pid 289] close(4 [pid 3024] close(3 [pid 289] <... close resumed>) = 0 [pid 3024] <... close resumed>) = 0 [pid 289] rmdir("./87/file2"./strace-static-x86_64: Process 3023 attached [pid 3024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] <... rmdir resumed>) = 0 executing program [pid 3024] write(1, "executing program\n", 18 [pid 289] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3024] <... write resumed>) = 18 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./87/binderfs", [pid 3024] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3024] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 289] unlink("./87/binderfs" [pid 3024] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 289] <... unlink resumed>) = 0 [pid 3024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] getdents64(3, [pid 3024] <... mmap resumed>) = 0x7f0aeccaf000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3024] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 289] close(3 [pid 3024] <... mprotect resumed>) = 0 [pid 289] <... close resumed>) = 0 ./strace-static-x86_64: Process 3026 attached [pid 289] rmdir("./87" [pid 3024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3026] set_robust_list(0x555594a056a0, 24 [pid 289] <... rmdir resumed>) = 0 [pid 3024] <... clone3 resumed> => {parent_tid=[3028]}, 88) = 3028 [pid 289] mkdir("./88", 0777 [pid 3024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3024] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 3024] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 3023] set_robust_list(0x555594a056a0, 24 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3023] <... set_robust_list resumed>) = 0 [pid 289] close(3 [pid 3023] chdir("./92" [pid 3026] <... set_robust_list resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3023] <... chdir resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3023] setpgid(0, 0) = 0 [pid 3023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3026] chdir("./89" [pid 3023] <... openat resumed>) = 3 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3029 [pid 3023] write(3, "1000", 4) = 4 [pid 3023] close(3) = 0 [pid 3023] symlink("/dev/binderfs", "./binderfs"executing program [pid 3026] <... chdir resumed>) = 0 [pid 3023] <... symlink resumed>) = 0 [pid 3023] write(1, "executing program\n", 18) = 18 [pid 3023] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3023] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3030]}, 88) = 3030 [pid 3023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3023] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3023] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3028 attached [pid 3028] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3028] memfd_create("syzkaller", 0) = 3 [pid 3028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3026] setpgid(0, 0 [pid 3028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3030 attached [pid 3030] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3030] memfd_create("syzkaller", 0) = 3 [pid 3030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3028] <... write resumed>) = 524288 [pid 3030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3028] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3028] ioctl(4, LOOP_SET_FD, 3 [pid 3026] <... setpgid resumed>) = 0 [pid 3026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 3029 attached [pid 3030] <... write resumed>) = 524288 [pid 3026] write(3, "1000", 4 [pid 3029] set_robust_list(0x555594a056a0, 24 [pid 3026] <... write resumed>) = 4 [pid 3029] <... set_robust_list resumed>) = 0 [pid 3026] close(3 [pid 3029] chdir("./88" [pid 3026] <... close resumed>) = 0 [pid 3029] <... chdir resumed>) = 0 [pid 3026] symlink("/dev/binderfs", "./binderfs" [pid 3029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3026] <... symlink resumed>) = 0 executing program [pid 3029] <... prctl resumed>) = 0 [pid 3026] write(1, "executing program\n", 18 [pid 3029] setpgid(0, 0 [pid 3026] <... write resumed>) = 18 [pid 3029] <... setpgid resumed>) = 0 [pid 3026] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3026] <... futex resumed>) = 0 [pid 3029] <... openat resumed>) = 3 [pid 3026] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3029] write(3, "1000", 4 [pid 3026] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3029] <... write resumed>) = 4 [pid 3026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3029] close(3 [pid 3026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3029] <... close resumed>) = 0 [pid 3026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 3029] symlink("/dev/binderfs", "./binderfs" [pid 3026] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3029] <... symlink resumed>) = 0 [pid 3026] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3029] write(1, "executing program\n", 18 [pid 3026] <... mprotect resumed>) = 0 [pid 3029] <... write resumed>) = 18 [pid 3026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3029] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3029] <... futex resumed>) = 0 [pid 3026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3029] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3026] <... clone3 resumed> => {parent_tid=[3032]}, 88) = 3032 [pid 3029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3026] rt_sigprocmask(SIG_SETMASK, [], [pid 3029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3029] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3026] <... futex resumed>) = 0 [pid 3029] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3029] <... mprotect resumed>) = 0 [pid 3029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3033]}, 88) = 3033 [pid 3029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3029] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3029] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3030] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3030] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 3033 attached ./strace-static-x86_64: Process 3032 attached [pid 3028] <... ioctl resumed>) = 0 [pid 3019] <... mount resumed>) = 0 [pid 3033] set_robust_list(0x7f0aecccf9a0, 24 [pid 3032] set_robust_list(0x7f0aecccf9a0, 24 [pid 3033] <... set_robust_list resumed>) = 0 [pid 3032] <... set_robust_list resumed>) = 0 [pid 3033] rt_sigprocmask(SIG_SETMASK, [], [pid 3032] rt_sigprocmask(SIG_SETMASK, [], [pid 3033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3033] memfd_create("syzkaller", 0 [pid 3032] memfd_create("syzkaller", 0 [pid 3033] <... memfd_create resumed>) = 3 [pid 3032] <... memfd_create resumed>) = 3 [pid 3033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3033] <... mmap resumed>) = 0x7f0ae48af000 [pid 3032] <... mmap resumed>) = 0x7f0ae48af000 [pid 3033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3030] <... openat resumed>) = 4 [pid 3030] ioctl(4, LOOP_SET_FD, 3 [pid 3033] <... write resumed>) = 524288 [pid 3028] close(3) = 0 [pid 3028] close(4 [pid 3019] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3019] chdir("./file2") = 0 [pid 3032] <... write resumed>) = 524288 [pid 3019] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3033] munmap(0x7f0ae48af000, 138412032 [pid 3032] munmap(0x7f0ae48af000, 138412032 [pid 3033] <... munmap resumed>) = 0 [pid 3030] <... ioctl resumed>) = 0 [pid 3032] <... munmap resumed>) = 0 [pid 3033] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3032] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3019] <... openat resumed>) = 4 [pid 3033] <... openat resumed>) = 4 [pid 3032] <... openat resumed>) = 4 [pid 3033] ioctl(4, LOOP_SET_FD, 3 [pid 3032] ioctl(4, LOOP_SET_FD, 3 [pid 3019] ioctl(4, LOOP_CLR_FD [pid 3030] close(3) = 0 [pid 3030] close(4 [pid 3028] <... close resumed>) = 0 [pid 3028] mkdir("./file2", 0777 [pid 3033] <... ioctl resumed>) = 0 [pid 3033] close(3) = 0 [pid 3033] close(4 [pid 3028] <... mkdir resumed>) = 0 [pid 3028] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3032] <... ioctl resumed>) = 0 [pid 3032] close(3) = 0 [ 65.698671][ T3019] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3032] close(4 [pid 3030] <... close resumed>) = 0 [pid 3019] <... ioctl resumed>) = 0 [pid 3030] mkdir("./file2", 0777) = 0 [pid 3019] close(4) = 0 [pid 3019] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3019] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3030] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3018] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3019] <... futex resumed>) = 0 [pid 3018] <... futex resumed>) = 1 [pid 3019] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3018] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] <... openat resumed>) = 4 [pid 3019] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3019] write(4, "#! \n", 4 [pid 3018] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3019] <... write resumed>) = 4 [pid 3018] <... futex resumed>) = 0 [pid 3019] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3018] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3019] <... futex resumed>) = 0 [pid 3018] <... futex resumed>) = 0 [pid 3019] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3018] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3037 attached => {parent_tid=[3037]}, 88) = 3037 [pid 3018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3018] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3037] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3037] write(4, "#! \n", 4) = 4 [pid 3037] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3037] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3018] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3019] <... futex resumed>) = 0 [pid 3018] <... futex resumed>) = 1 [pid 3019] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3018] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] <... mmap resumed>) = 0x200000000000 [pid 3019] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3018] <... futex resumed>) = 0 [pid 3018] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3018] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3019] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3037] <... futex resumed>) = ? [pid 3018] <... futex resumed>) = ? [pid 3037] +++ killed by SIGBUS +++ [pid 3019] +++ killed by SIGBUS +++ [pid 3018] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3018, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 288] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3028] <... mount resumed>) = 0 [pid 3028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3028] chdir("./file2") = 0 [pid 3028] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3033] <... close resumed>) = 0 [pid 3033] mkdir("./file2", 0777) = 0 [pid 3033] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3032] <... close resumed>) = 0 [pid 3028] <... openat resumed>) = 4 [pid 3028] ioctl(4, LOOP_CLR_FD) = 0 [pid 3028] close(4) = 0 [pid 3028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] <... futex resumed>) = 0 [pid 3024] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3028] <... futex resumed>) = 1 [pid 3028] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3032] mkdir("./file2", 0777) = 0 [pid 3032] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3028] <... openat resumed>) = 4 [pid 3028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] <... futex resumed>) = 0 [pid 3024] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3024] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3040]}, 88) = 3040 ./strace-static-x86_64: Process 3040 attached [pid 3028] <... futex resumed>) = 1 [pid 3024] rt_sigprocmask(SIG_SETMASK, [], [pid 3040] set_robust_list(0x7f0aeccae9a0, 24 [pid 3028] write(4, "#! \n", 4 [pid 3024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3024] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3040] <... set_robust_list resumed>) = 0 [pid 3040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3040] write(4, "#! \n", 4) = 4 [pid 3028] <... write resumed>) = 4 [pid 3040] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] <... futex resumed>) = 0 [pid 3028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3024] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3040] <... futex resumed>) = 1 [pid 3040] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3024] <... futex resumed>) = 0 [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3028] <... futex resumed>) = 1 [pid 3028] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3028] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3024] <... futex resumed>) = 0 [pid 3028] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3024] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 65.775154][ T3019] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.778739][ T3028] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3024] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3028] <... futex resumed>) = 0 [pid 3028] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3040] <... futex resumed>) = ? [pid 3024] <... futex resumed>) = ? [pid 3040] +++ killed by SIGBUS +++ [pid 3028] +++ killed by SIGBUS +++ [pid 3024] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3024, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3032] <... mount resumed>) = 0 [pid 3032] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3032] chdir("./file2") = 0 [pid 3032] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3030] <... mount resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./87/file2") = 0 [pid 288] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./87/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./87") = 0 [pid 288] mkdir("./88", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3032] <... openat resumed>) = 4 [pid 3030] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3032] ioctl(4, LOOP_CLR_FD [pid 3030] <... openat resumed>) = 3 [pid 3030] chdir("./file2") = 0 [ 65.845919][ T3028] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.848784][ T3032] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 65.864473][ T3030] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3030] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3033] <... mount resumed>) = 0 [pid 3033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3033] chdir("./file2") = 0 [pid 3033] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./94/file2") = 0 [pid 287] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 3030] <... openat resumed>) = 4 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3030] ioctl(4, LOOP_CLR_FD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3030] <... ioctl resumed>) = 0 [pid 288] close(3 [pid 3030] close(4 [pid 288] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3030] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3030] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./94/binderfs", [pid 3030] <... futex resumed>) = 1 [pid 3023] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3030] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3023] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3030] <... openat resumed>) = 4 [pid 3023] <... futex resumed>) = 0 [pid 287] unlink("./94/binderfs" [pid 3030] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3030] <... futex resumed>) = 0 [pid 3023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3047 [pid 287] <... unlink resumed>) = 0 [pid 3030] write(4, "#! \n", 4 [pid 3023] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3030] <... write resumed>) = 4 [pid 3023] <... futex resumed>) = 0 [pid 287] getdents64(3, [pid 3030] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3030] <... futex resumed>) = 0 [pid 3023] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3030] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 287] close(3 [pid 3023] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3032] <... ioctl resumed>) = 0 [pid 3023] <... mprotect resumed>) = 0 [pid 287] <... close resumed>) = 0 ./strace-static-x86_64: Process 3047 attached [pid 3033] <... openat resumed>) = 4 [pid 3032] close(4 [pid 3023] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3032] <... close resumed>) = 0 [pid 3023] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] rmdir("./94" [pid 3032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3048 attached [pid 3047] set_robust_list(0x555594a056a0, 24 [pid 3033] ioctl(4, LOOP_CLR_FD [pid 3032] <... futex resumed>) = 1 [pid 3026] <... futex resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3023] <... clone3 resumed> => {parent_tid=[3048]}, 88) = 3048 [pid 3023] rt_sigprocmask(SIG_SETMASK, [], [pid 287] mkdir("./95", 0777 [pid 3023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3033] <... ioctl resumed>) = 0 [pid 3048] set_robust_list(0x7f0aeccae9a0, 24 [pid 3047] <... set_robust_list resumed>) = 0 [pid 3032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3033] close(4 [pid 3032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3026] <... futex resumed>) = 0 [pid 3023] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 3033] <... close resumed>) = 0 [pid 3032] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3023] <... futex resumed>) = 0 [pid 3023] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3033] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3032] <... openat resumed>) = 4 [pid 3033] <... futex resumed>) = 1 [pid 3032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3029] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 3033] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3032] <... futex resumed>) = 1 [pid 3029] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] <... futex resumed>) = 0 [pid 3032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3029] <... futex resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3033] <... openat resumed>) = 4 [pid 3029] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] close(3 [pid 3026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3033] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3032] write(4, "#! \n", 4 [pid 3026] <... futex resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3048] <... set_robust_list resumed>) = 0 [pid 3047] chdir("./88" [pid 3033] <... futex resumed>) = 1 [pid 3032] <... write resumed>) = 4 [pid 3029] <... futex resumed>) = 0 [pid 3026] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3049 attached [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3049 [pid 3049] set_robust_list(0x555594a056a0, 24 [pid 3048] rt_sigprocmask(SIG_SETMASK, [], [pid 3047] <... chdir resumed>) = 0 [pid 3033] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3029] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] <... futex resumed>) = 0 [pid 3033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3032] <... futex resumed>) = 0 [pid 3029] <... futex resumed>) = 0 [pid 3026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3033] write(4, "#! \n", 4 [pid 3029] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3033] <... write resumed>) = 4 [pid 3029] <... futex resumed>) = 0 [pid 3033] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3026] <... mprotect resumed>) = 0 [pid 3047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3033] <... futex resumed>) = 0 [pid 3029] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3047] <... prctl resumed>) = 0 [pid 3026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3047] setpgid(0, 0 [pid 3033] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3029] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3047] <... setpgid resumed>) = 0 [pid 3029] <... mprotect resumed>) = 0 [pid 3026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3026] <... clone3 resumed> => {parent_tid=[3050]}, 88) = 3050 [pid 3026] rt_sigprocmask(SIG_SETMASK, [], [pid 3047] <... openat resumed>) = 3 [pid 3029] <... clone3 resumed> => {parent_tid=[3051]}, 88) = 3051 [pid 3026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3029] rt_sigprocmask(SIG_SETMASK, [], [pid 3047] write(3, "1000", 4) = 4 [pid 3029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3026] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3029] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3049] <... set_robust_list resumed>) = 0 [pid 3048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3047] close(3 [pid 3026] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3029] <... futex resumed>) = 0 [pid 3048] write(4, "#! \n", 4 [pid 3047] <... close resumed>) = 0 [pid 3029] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3048] <... write resumed>) = 4 [pid 3047] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 3051 attached ./strace-static-x86_64: Process 3050 attached [pid 3049] chdir("./95" [pid 3047] <... symlink resumed>) = 0 [pid 3048] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3047] write(1, "executing program\n", 18 [pid 3048] <... futex resumed>) = 1 [pid 3023] <... futex resumed>) = 0 [pid 3051] set_robust_list(0x7f0aeccae9a0, 24executing program [ 65.901898][ T3033] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3050] set_robust_list(0x7f0aeccae9a0, 24 [pid 3049] <... chdir resumed>) = 0 [pid 3051] <... set_robust_list resumed>) = 0 [pid 3048] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3047] <... write resumed>) = 18 [pid 3023] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3047] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] <... futex resumed>) = 1 [pid 3030] <... futex resumed>) = 0 [pid 3030] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3023] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3051] rt_sigprocmask(SIG_SETMASK, [], [pid 3049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3047] <... futex resumed>) = 0 [pid 3050] <... set_robust_list resumed>) = 0 [pid 3050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3050] write(4, "#! \n", 4 [pid 3030] <... mmap resumed>) = 0x200000000000 [pid 3047] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3050] <... write resumed>) = 4 [pid 3050] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3050] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3049] <... prctl resumed>) = 0 [pid 3047] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3030] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3026] <... futex resumed>) = 0 [pid 3047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3030] <... futex resumed>) = 1 [pid 3026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3023] <... futex resumed>) = 0 [pid 3047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3032] <... futex resumed>) = 0 [pid 3030] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3026] <... futex resumed>) = 1 [pid 3023] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3032] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3026] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3023] <... futex resumed>) = 0 [pid 3051] write(4, "#! \n", 4 [pid 3049] setpgid(0, 0 [pid 3047] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3032] <... mmap resumed>) = 0x200000000000 [pid 3049] <... setpgid resumed>) = 0 [pid 3049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3049] write(3, "1000", 4) = 4 [pid 3049] close(3) = 0 [pid 3049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3049] write(1, "executing program\n", 18executing program ) = 18 [pid 3049] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3049] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3049] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3052]}, 88) = 3052 [pid 3049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3049] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3049] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3051] <... write resumed>) = 4 [pid 3051] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3051] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3023] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3047] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3053]}, 88) = 3053 [pid 3047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3047] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3047] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3032] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3026] <... futex resumed>) = 0 [pid 3032] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3026] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3026] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3053 attached ./strace-static-x86_64: Process 3052 attached [pid 3030] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3029] <... futex resumed>) = 0 [pid 3053] set_robust_list(0x7f0aecccf9a0, 24 [pid 3052] set_robust_list(0x7f0aecccf9a0, 24 [pid 3029] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] <... set_robust_list resumed>) = 0 [pid 3052] <... set_robust_list resumed>) = 0 [pid 3033] <... futex resumed>) = 0 [pid 3029] <... futex resumed>) = 1 [pid 3053] rt_sigprocmask(SIG_SETMASK, [], [pid 3052] rt_sigprocmask(SIG_SETMASK, [], [pid 3033] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3029] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3033] <... mmap resumed>) = 0x200000000000 [pid 3053] memfd_create("syzkaller", 0 [pid 3052] memfd_create("syzkaller", 0 [pid 3033] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] <... memfd_create resumed>) = 3 [pid 3052] <... memfd_create resumed>) = 3 [pid 3033] <... futex resumed>) = 1 [pid 3029] <... futex resumed>) = 0 [pid 3053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3033] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3029] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] <... mmap resumed>) = 0x7f0ae48af000 [pid 3052] <... mmap resumed>) = 0x7f0ae48af000 [pid 3048] <... futex resumed>) = ? [pid 3033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3029] <... futex resumed>) = 0 [pid 3023] <... futex resumed>) = ? [pid 3053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3032] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3050] <... futex resumed>) = ? [pid 3050] +++ killed by SIGBUS +++ [pid 3032] +++ killed by SIGBUS +++ [pid 3026] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3026, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3029] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3053] <... write resumed>) = 524288 [pid 3053] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3053] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3053] ioctl(4, LOOP_SET_FD, 3 [pid 3052] <... write resumed>) = 524288 [pid 3052] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3052] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3030] +++ killed by SIGBUS +++ [pid 3053] <... ioctl resumed>) = 0 [pid 3052] <... openat resumed>) = 4 [pid 3053] close(3 [pid 3052] ioctl(4, LOOP_SET_FD, 3 [pid 3053] <... close resumed>) = 0 [pid 3053] close(4 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3048] +++ killed by SIGBUS +++ [pid 3023] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3023, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3053] <... close resumed>) = 0 [pid 3052] <... ioctl resumed>) = 0 [pid 3033] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3053] mkdir("./file2", 0777 [pid 3052] close(3 [pid 3053] <... mkdir resumed>) = 0 [pid 3052] <... close resumed>) = 0 [pid 3053] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3052] close(4 [pid 3051] <... futex resumed>) = ? [pid 3029] <... futex resumed>) = ? [pid 3051] +++ killed by SIGBUS +++ [pid 3033] +++ killed by SIGBUS +++ [pid 3029] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3029, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... restart_syscall resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 290] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(3, "", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] getdents64(3, [pid 290] newfstatat(3, "", [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 65.971937][ T3030] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.981355][ T3032] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 65.993949][ T3033] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3052] <... close resumed>) = 0 [pid 3052] mkdir("./file2", 0777) = 0 [pid 3052] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3053] <... mount resumed>) = 0 [pid 3053] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3053] chdir("./file2") = 0 [ 66.178599][ T3053] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3053] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3053] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3053] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3053] close(4 [pid 290] newfstatat(AT_FDCWD, "./92/file2", [pid 289] newfstatat(AT_FDCWD, "./88/file2", [pid 3053] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3053] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3053] <... futex resumed>) = 1 [pid 3047] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3053] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3047] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3053] <... openat resumed>) = 4 [pid 3047] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 3053] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3047] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 3053] <... futex resumed>) = 0 [pid 3047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3053] write(4, "#! \n", 4 [pid 3047] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 3053] <... write resumed>) = 4 [pid 3047] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3053] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3047] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 3053] <... futex resumed>) = 0 [pid 3047] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3053] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] close(4 [pid 289] close(4 [pid 3047] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3047] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] rmdir("./92/file2" [pid 289] rmdir("./88/file2" [pid 3047] <... mprotect resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 3047] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3047] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./92/binderfs", [pid 289] newfstatat(AT_FDCWD, "./88/binderfs", [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3047] <... clone3 resumed> => {parent_tid=[3059]}, 88) = 3059 [pid 290] unlink("./92/binderfs" [pid 289] unlink("./88/binderfs" [pid 3047] rt_sigprocmask(SIG_SETMASK, [], [pid 291] newfstatat(AT_FDCWD, "./89/file2", [pid 290] <... unlink resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 3047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] getdents64(3, [pid 289] getdents64(3, [pid 3047] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3047] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] close(3 [pid 289] close(3 [pid 3047] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 290] rmdir("./92" [pid 289] rmdir("./88"./strace-static-x86_64: Process 3059 attached [pid 291] newfstatat(4, "", [pid 290] <... rmdir resumed>) = 0 [pid 290] mkdir("./93", 0777 [pid 289] <... rmdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] mkdir("./89", 0777 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... mkdir resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... openat resumed>) = 3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] close(3 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... close resumed>) = 0 [pid 289] close(3 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3061 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3062 [pid 3059] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3059] write(4, "#! \n", 4) = 4 [pid 3059] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3047] <... futex resumed>) = 0 [pid 3059] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3047] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] <... futex resumed>) = 0 [pid 3047] <... futex resumed>) = 1 [pid 3053] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3047] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3053] <... mmap resumed>) = 0x200000000000 [pid 3053] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3053] <... futex resumed>) = 1 [pid 3047] <... futex resumed>) = 0 [pid 3053] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3047] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 3047] <... futex resumed>) = 0 [pid 3047] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(4, [pid 3053] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3059] <... futex resumed>) = ? [pid 3047] <... futex resumed>) = ? [pid 3059] +++ killed by SIGBUS +++ [pid 3053] +++ killed by SIGBUS +++ [pid 3047] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3047, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3061 attached [pid 3061] set_robust_list(0x555594a056a0, 24) = 0 [pid 3061] chdir("./93") = 0 [pid 3061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3061] setpgid(0, 0) = 0 [pid 3061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3061] write(3, "1000", 4) = 4 [pid 3061] close(3) = 0 [pid 3061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3061] write(1, "executing program\n", 18) = 18 [pid 3061] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3061] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3061] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3064]}, 88) = 3064 [pid 3061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3061] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3061] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3064 attached [pid 3064] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3064] memfd_create("syzkaller", 0) = 3 [pid 3064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3064] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3064] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3064] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3062 attached [pid 3062] set_robust_list(0x555594a056a0, 24) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3062] chdir("./89") = 0 [pid 3062] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] getdents64(4, [pid 3062] <... prctl resumed>) = 0 [pid 3062] setpgid(0, 0) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3062] write(3, "1000", 4) = 4 [pid 3062] close(3 [pid 291] close(4 [pid 3062] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 3062] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3062] write(1, "executing program\n", 18) = 18 [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 291] rmdir("./89/file2" [pid 3062] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3062] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... rmdir resumed>) = 0 [pid 3062] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3062] <... clone3 resumed> => {parent_tid=[3066]}, 88) = 3066 [pid 3062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3064] <... ioctl resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./89/binderfs", [pid 3064] close(3) = 0 [pid 3064] close(4) = 0 [pid 3064] mkdir("./file2", 0777 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3064] <... mkdir resumed>) = 0 [pid 291] unlink("./89/binderfs" [pid 3064] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 3066 attached [pid 3052] <... mount resumed>) = 0 [pid 291] getdents64(3, [pid 3066] set_robust_list(0x7f0aecccf9a0, 24 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3066] <... set_robust_list resumed>) = 0 [pid 291] close(3 [pid 3052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3066] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... close resumed>) = 0 [pid 3052] <... openat resumed>) = 3 [pid 3052] chdir("./file2") = 0 [pid 3066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] rmdir("./89" [pid 3052] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3066] memfd_create("syzkaller", 0) = 3 [pid 291] <... rmdir resumed>) = 0 [pid 3066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 291] mkdir("./90", 0777 [pid 3066] <... mmap resumed>) = 0x7f0ae48af000 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3066] munmap(0x7f0ae48af000, 138412032) = 0 [ 66.247660][ T3053] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 66.248380][ T3052] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3066] <... openat resumed>) = 4 [pid 291] close(3 [pid 3052] <... openat resumed>) = 4 [pid 291] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", [pid 3066] ioctl(4, LOOP_SET_FD, 3 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3067 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 3066] <... ioctl resumed>) = 0 [pid 288] rmdir("./88/file2") = 0 [pid 288] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3066] close(3 [pid 288] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./88/binderfs") = 0 [pid 3066] <... close resumed>) = 0 [pid 288] getdents64(3, [pid 3066] close(4 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3066] <... close resumed>) = 0 [pid 288] close(3 [pid 3066] mkdir("./file2", 0777 [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./88" [pid 3066] <... mkdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 288] mkdir("./89", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3./strace-static-x86_64: Process 3067 attached [pid 3066] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3052] ioctl(4, LOOP_CLR_FD [pid 288] <... close resumed>) = 0 [pid 3067] set_robust_list(0x555594a056a0, 24) = 0 [pid 3067] chdir("./90") = 0 [pid 3067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3067] setpgid(0, 0) = 0 [pid 3067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3067] write(3, "1000", 4) = 4 [pid 3067] close(3) = 0 [pid 3067] symlink("/dev/binderfs", "./binderfs"executing program [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3067] <... symlink resumed>) = 0 [pid 3067] write(1, "executing program\n", 18) = 18 [pid 3067] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3070 [pid 3067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3067] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3071]}, 88) = 3071 [pid 3067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3067] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3070 attached [pid 3070] set_robust_list(0x555594a056a0, 24) = 0 [pid 3070] chdir("./89") = 0 [pid 3070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3070] setpgid(0, 0) = 0 [pid 3070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3070] write(3, "1000", 4) = 4 [pid 3070] close(3) = 0 [pid 3070] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3070] write(1, "executing program\n", 18) = 18 [pid 3070] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3070] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3073]}, 88) = 3073 [pid 3070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3070] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3073 attached [pid 3073] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3073] memfd_create("syzkaller", 0) = 3 [pid 3073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3073] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3073] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 3071 attached [pid 3071] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3071] memfd_create("syzkaller", 0) = 3 [pid 3071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3071] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3071] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3064] <... mount resumed>) = 0 [pid 3064] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3064] chdir("./file2") = 0 [pid 3064] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3073] <... openat resumed>) = 4 [pid 3052] <... ioctl resumed>) = 0 [pid 3073] ioctl(4, LOOP_SET_FD, 3 [pid 3052] close(4 [pid 3071] <... openat resumed>) = 4 [pid 3064] <... openat resumed>) = 4 [pid 3052] <... close resumed>) = 0 [pid 3071] ioctl(4, LOOP_SET_FD, 3 [pid 3064] ioctl(4, LOOP_CLR_FD [pid 3052] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3052] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3071] <... ioctl resumed>) = 0 [pid 3071] close(3 [pid 3064] <... ioctl resumed>) = 0 [pid 3071] <... close resumed>) = 0 [pid 3064] close(4 [pid 3071] close(4 [pid 3049] <... futex resumed>) = 0 [pid 3049] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3049] <... futex resumed>) = 1 [pid 3052] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3049] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] <... ioctl resumed>) = 0 [pid 3052] <... openat resumed>) = 4 [pid 3073] close(3 [pid 3052] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3073] <... close resumed>) = 0 [pid 3052] <... futex resumed>) = 1 [pid 3049] <... futex resumed>) = 0 [pid 3073] close(4 [pid 3052] write(4, "#! \n", 4 [pid 3049] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... write resumed>) = 4 [pid 3049] <... futex resumed>) = 0 [pid 3052] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3049] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3049] <... futex resumed>) = 0 [pid 3052] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3049] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3076]}, 88) = 3076 ./strace-static-x86_64: Process 3076 attached [pid 3049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3049] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3049] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3076] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3076] write(4, "#! \n", 4) = 4 [pid 3076] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3049] <... futex resumed>) = 0 [pid 3049] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = 0 [pid 3049] <... futex resumed>) = 1 [pid 3052] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3049] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3052] <... mmap resumed>) = 0x200000000000 [pid 3076] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3052] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3049] <... futex resumed>) = 0 [pid 3052] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3049] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 66.349719][ T3064] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3049] <... futex resumed>) = 0 [pid 3049] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3052] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3066] <... mount resumed>) = 0 [pid 3066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3066] chdir("./file2") = 0 [pid 3066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3073] <... close resumed>) = 0 [pid 3049] <... futex resumed>) = ? [pid 3073] mkdir("./file2", 0777 [pid 3076] <... futex resumed>) = ? [pid 3064] <... close resumed>) = 0 [pid 3073] <... mkdir resumed>) = 0 [pid 3064] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3061] <... futex resumed>) = 0 [pid 3064] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3061] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3076] +++ killed by SIGBUS +++ [pid 3073] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3061] <... futex resumed>) = 0 [pid 3064] <... openat resumed>) = 4 [pid 3061] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3061] <... futex resumed>) = 0 [pid 3064] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3061] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3064] <... futex resumed>) = 0 [pid 3061] <... futex resumed>) = 1 [pid 3052] +++ killed by SIGBUS +++ [pid 3049] +++ killed by SIGBUS +++ [pid 3064] write(4, "#! \n", 4 [pid 3061] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3064] <... write resumed>) = 4 [pid 3061] <... futex resumed>) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3049, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 3064] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3064] <... futex resumed>) = 0 [pid 3061] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3064] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3061] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3079 attached [pid 3079] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3079] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3061] <... clone3 resumed> => {parent_tid=[3079]}, 88) = 3079 [pid 3061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3061] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3061] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... futex resumed>) = 0 [pid 3079] write(4, "#! \n", 4) = 4 [pid 3079] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3061] <... futex resumed>) = 0 [pid 3061] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3061] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3079] <... futex resumed>) = 1 [pid 3079] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3064] <... futex resumed>) = 0 [pid 3064] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3064] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3061] <... futex resumed>) = 0 [pid 3064] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3061] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3061] <... futex resumed>) = 0 [pid 3061] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3064] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 287] <... restart_syscall resumed>) = 0 [pid 3079] <... futex resumed>) = ? [pid 3061] <... futex resumed>) = ? [pid 287] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3079] +++ killed by SIGBUS +++ [pid 3064] +++ killed by SIGBUS +++ [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", [pid 3061] +++ killed by SIGBUS +++ [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3061, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3071] <... close resumed>) = 0 [pid 3066] <... openat resumed>) = 4 [pid 3066] ioctl(4, LOOP_CLR_FD) = 0 [pid 3066] close(4) = 0 [pid 3066] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3066] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3071] mkdir("./file2", 0777 [pid 3062] <... futex resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 3071] <... mkdir resumed>) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3062] <... futex resumed>) = 1 [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3066] <... futex resumed>) = 0 [pid 3066] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", [pid 3066] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 3066] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3066] <... futex resumed>) = 1 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3066] write(4, "#! \n", 4) = 4 [pid 3066] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3062] <... futex resumed>) = 0 [pid 3066] <... futex resumed>) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3066] write(4, "#! \n", 4 [pid 3062] <... futex resumed>) = 0 [pid 3066] <... write resumed>) = 4 [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3066] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3066] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3066] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3062] <... futex resumed>) = 0 [pid 3062] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3066] <... futex resumed>) = 1 [pid 3062] <... futex resumed>) = 0 [ 66.397856][ T3052] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 66.409155][ T3066] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 66.432514][ T3064] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3062] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3066] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3062] <... futex resumed>) = ? [pid 3066] +++ killed by SIGBUS +++ [pid 3062] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3062, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3073] <... mount resumed>) = 0 [pid 3073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3073] chdir("./file2") = 0 [pid 3073] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./95/file2") = 0 [pid 287] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./95/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./95") = 0 [pid 287] mkdir("./96", 0777) = 0 [ 66.466921][ T3066] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 66.483490][ T3073] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3071] <... mount resumed>) = 0 [pid 3071] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3071] chdir("./file2") = 0 [ 66.568718][ T3071] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3071] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3073] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3084 ./strace-static-x86_64: Process 3084 attached [pid 3084] set_robust_list(0x555594a056a0, 24) = 0 [pid 3084] chdir("./96" [pid 3073] ioctl(4, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = 0 [pid 3084] <... chdir resumed>) = 0 [pid 3073] <... ioctl resumed>) = 0 [pid 3071] <... openat resumed>) = 4 [pid 290] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 3073] close(4) = 0 [pid 3073] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3073] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3070] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3070] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3073] <... openat resumed>) = 4 [pid 3073] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3073] write(4, "#! \n", 4 [pid 3070] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3073] <... write resumed>) = 4 [pid 3070] <... futex resumed>) = 0 [pid 3073] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3070] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3073] <... futex resumed>) = 0 [pid 3070] <... futex resumed>) = 0 [pid 3073] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3070] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./93/file2", [pid 289] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3070] <... clone3 resumed> => {parent_tid=[3085]}, 88) = 3085 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3070] rt_sigprocmask(SIG_SETMASK, [], [pid 290] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(AT_FDCWD, "./89/file2", [pid 3070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3070] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3070] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3070] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(4, "", [pid 289] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... openat resumed>) = 4 [pid 290] getdents64(4, [pid 289] newfstatat(4, "", [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, [pid 289] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] close(4 [pid 289] getdents64(4, [pid 290] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./93/file2" [pid 289] close(4 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 290] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./89/file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... rmdir resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./93/binderfs", [pid 289] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] unlink("./93/binderfs" [pid 289] newfstatat(AT_FDCWD, "./89/binderfs", [pid 290] <... unlink resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] getdents64(3, [pid 289] unlink("./89/binderfs" [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... unlink resumed>) = 0 [pid 290] close(3 [pid 289] getdents64(3, [pid 290] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] rmdir("./93") = 0 [pid 289] close(3 [pid 290] mkdir("./94", 0777 [pid 289] <... close resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 289] rmdir("./89" [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... rmdir resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] mkdir("./90", 0777 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... mkdir resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] close(3 [pid 289] <... openat resumed>) = 3 [pid 290] <... close resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3086 [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3087 [pid 3071] ioctl(4, LOOP_CLR_FD) = 0 [pid 3084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3071] close(4 [pid 3084] <... prctl resumed>) = 0 [pid 3071] <... close resumed>) = 0 [pid 3084] setpgid(0, 0 [pid 3071] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] <... setpgid resumed>) = 0 [pid 3067] <... futex resumed>) = 0 [pid 3067] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3071] <... futex resumed>) = 1 [pid 3071] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3084] <... openat resumed>) = 3 [pid 3084] write(3, "1000", 4) = 4 [pid 3071] <... openat resumed>) = 4 [pid 3084] close(3) = 0 [pid 3084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3071] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3067] <... futex resumed>) = 0 [pid 3067] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 3071] <... futex resumed>) = 1 [pid 3067] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3084] write(1, "executing program\n", 18 [pid 3071] write(4, "#! \n", 4 [pid 3067] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3084] <... write resumed>) = 18 [pid 3071] <... write resumed>) = 4 [pid 3067] <... mprotect resumed>) = 0 [pid 3084] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3084] <... futex resumed>) = 0 [pid 3071] <... futex resumed>) = 0 [pid 3067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3084] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3071] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3084] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3067] <... clone3 resumed> => {parent_tid=[3088]}, 88) = 3088 [pid 3084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3067] rt_sigprocmask(SIG_SETMASK, [], [pid 3084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3084] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3067] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3067] <... futex resumed>) = 0 [pid 3084] <... mprotect resumed>) = 0 [pid 3067] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3089]}, 88) = 3089 [pid 3084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3084] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3087 attached [pid 3084] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3087] set_robust_list(0x555594a056a0, 24) = 0 [pid 3087] chdir("./90") = 0 [pid 3087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3087] setpgid(0, 0) = 0 [pid 3087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3087] write(3, "1000", 4) = 4 [pid 3087] close(3./strace-static-x86_64: Process 3088 attached ) = 0 [pid 3088] set_robust_list(0x7f0aeccae9a0, 24 [pid 3087] symlink("/dev/binderfs", "./binderfs"executing program [pid 3088] <... set_robust_list resumed>) = 0 [pid 3087] <... symlink resumed>) = 0 [pid 3088] rt_sigprocmask(SIG_SETMASK, [], [pid 3087] write(1, "executing program\n", 18 [pid 3088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3087] <... write resumed>) = 18 [pid 3088] write(4, "#! \n", 4 [pid 3087] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3088] <... write resumed>) = 4 [pid 3087] <... futex resumed>) = 0 [pid 3088] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3087] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3088] <... futex resumed>) = 1 [pid 3087] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3067] <... futex resumed>) = 0 [pid 3067] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] <... futex resumed>) = 0 [pid 3067] <... futex resumed>) = 1 [pid 3071] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3067] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3071] <... mmap resumed>) = 0x200000000000 [pid 3071] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3088] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3071] <... futex resumed>) = 1 [pid 3067] <... futex resumed>) = 0 [pid 3071] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3067] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3067] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3089 attached ./strace-static-x86_64: Process 3086 attached ./strace-static-x86_64: Process 3085 attached [pid 3087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3089] set_robust_list(0x7f0aecccf9a0, 24 [pid 3087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3086] set_robust_list(0x555594a056a0, 24 [pid 3085] set_robust_list(0x7f0aeccae9a0, 24 [pid 3089] <... set_robust_list resumed>) = 0 [pid 3087] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3086] <... set_robust_list resumed>) = 0 [pid 3085] <... set_robust_list resumed>) = 0 [pid 3089] rt_sigprocmask(SIG_SETMASK, [], [pid 3087] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3086] chdir("./94" [pid 3085] rt_sigprocmask(SIG_SETMASK, [], [pid 3089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3087] <... mprotect resumed>) = 0 [pid 3086] <... chdir resumed>) = 0 [pid 3085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3089] memfd_create("syzkaller", 0) = 3 [pid 3087] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3085] write(4, "#! \n", 4 [pid 3089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3087] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3086] <... prctl resumed>) = 0 [pid 3085] <... write resumed>) = 4 [pid 3071] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3067] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3088] <... futex resumed>) = ? [pid 3067] <... futex resumed>) = ? [pid 3088] +++ killed by SIGBUS +++ [pid 3071] +++ killed by SIGBUS +++ [pid 3067] +++ killed by SIGBUS +++ [pid 3089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3067, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3086] setpgid(0, 0 [pid 3085] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3087] <... clone3 resumed> => {parent_tid=[3090]}, 88) = 3090 [pid 3087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3090 attached [pid 3090] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3090] memfd_create("syzkaller", 0) = 3 [pid 3089] <... write resumed>) = 524288 [pid 3086] <... setpgid resumed>) = 0 [pid 3085] <... futex resumed>) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3070] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3073] <... futex resumed>) = 0 [pid 3070] <... futex resumed>) = 1 [pid 3073] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3070] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3089] munmap(0x7f0ae48af000, 138412032 [pid 3073] <... mmap resumed>) = 0x200000000000 [pid 3073] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3070] <... futex resumed>) = 0 [pid 3090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3089] <... munmap resumed>) = 0 [pid 3086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3085] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3070] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3089] ioctl(4, LOOP_SET_FD, 3 [pid 3086] <... openat resumed>) = 3 [pid 3086] write(3, "1000", 4) = 4 [pid 3086] close(3) = 0 [pid 3086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3086] write(1, "executing program\n", 18executing program ) = 18 [pid 3086] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3086] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3091]}, 88) = 3091 [pid 3086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3086] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3086] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3090] <... mmap resumed>) = 0x7f0ae48af000 [pid 3090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3090] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3090] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3070] <... futex resumed>) = 0 [pid 3070] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3089] <... ioctl resumed>) = 0 [pid 3090] <... openat resumed>) = 4 [pid 3090] ioctl(4, LOOP_SET_FD, 3 [pid 3089] close(3) = 0 [pid 3089] close(4 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 3091 attached [pid 3091] set_robust_list(0x7f0aecccf9a0, 24 [pid 3073] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 291] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3091] <... set_robust_list resumed>) = 0 [pid 3090] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 3089] <... close resumed>) = 0 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3091] rt_sigprocmask(SIG_SETMASK, [], [pid 3090] close(3 [pid 3089] mkdir("./file2", 0777 [pid 3085] <... futex resumed>) = ? [pid 3070] <... futex resumed>) = ? [pid 3091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3091] memfd_create("syzkaller", 0 [pid 3090] <... close resumed>) = 0 [pid 3089] <... mkdir resumed>) = 0 [pid 3091] <... memfd_create resumed>) = 3 [pid 3090] close(4 [pid 3089] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3085] +++ killed by SIGBUS +++ [pid 3091] <... mmap resumed>) = 0x7f0ae48af000 [pid 3073] +++ killed by SIGBUS +++ [pid 3070] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3070, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3091] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3091] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3090] <... close resumed>) = 0 [pid 3090] mkdir("./file2", 0777) = 0 [ 66.659676][ T3071] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 66.679521][ T3073] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3090] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3089] <... mount resumed>) = 0 [pid 3089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3089] chdir("./file2") = 0 [ 66.738601][ T3089] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3089] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3091] <... openat resumed>) = 4 [pid 3091] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... umount2 resumed>) = 0 [pid 3089] <... openat resumed>) = 4 [pid 3089] ioctl(4, LOOP_CLR_FD [pid 291] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./90/file2") = 0 [pid 291] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./90/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./90") = 0 [pid 291] mkdir("./91", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3091] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3091] close(3 [pid 291] <... openat resumed>) = 3 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./89/file2") = 0 [pid 288] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./89/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./89") = 0 [pid 288] mkdir("./90", 0777) = 0 [pid 3091] <... close resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3091] close(4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... openat resumed>) = 3 [pid 3091] <... close resumed>) = 0 [pid 291] close(3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3091] mkdir("./file2", 0777 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3097 ./strace-static-x86_64: Process 3097 attached [pid 3097] set_robust_list(0x555594a056a0, 24) = 0 [pid 3097] chdir("./90") = 0 [pid 3097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3097] setpgid(0, 0) = 0 [pid 3091] <... mkdir resumed>) = 0 [pid 3091] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... close resumed>) = 0 [pid 3097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3097] <... openat resumed>) = 3 [pid 3097] write(3, "1000", 4) = 4 [pid 3097] close(3./strace-static-x86_64: Process 3099 attached ) = 0 [pid 3099] set_robust_list(0x555594a056a0, 24 [pid 3097] symlink("/dev/binderfs", "./binderfs" [pid 3089] <... ioctl resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3099 [pid 3099] <... set_robust_list resumed>) = 0 [pid 3097] <... symlink resumed>) = 0 [pid 3089] close(4executing program [pid 3097] write(1, "executing program\n", 18) = 18 [pid 3097] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 3099] chdir("./91" [pid 3097] <... futex resumed>) = 0 [pid 3089] <... close resumed>) = 0 [pid 3099] <... chdir resumed>) = 0 [pid 3097] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3097] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3089] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... prctl resumed>) = 0 [pid 3097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3099] setpgid(0, 0 [pid 3097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3089] <... futex resumed>) = 1 [pid 3084] <... futex resumed>) = 0 [pid 3099] <... setpgid resumed>) = 0 [pid 3097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3089] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3084] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3097] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3084] <... futex resumed>) = 0 [pid 3099] <... openat resumed>) = 3 [pid 3097] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3084] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3099] write(3, "1000", 4 [pid 3097] <... mprotect resumed>) = 0 [pid 3099] <... write resumed>) = 4 [pid 3097] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3099] close(3 [pid 3097] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3099] <... close resumed>) = 0 [pid 3097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3097] <... clone3 resumed> => {parent_tid=[3101]}, 88) = 3101 [pid 3099] write(1, "executing program\n", 18 [pid 3097] rt_sigprocmask(SIG_SETMASK, [], [pid 3099] <... write resumed>) = 18 [pid 3097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3099] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3097] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] <... futex resumed>) = 0 [pid 3097] <... futex resumed>) = 0 [pid 3099] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3097] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3099] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3099] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3102]}, 88) = 3102 [pid 3099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3099] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3102 attached [pid 3102] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3102] memfd_create("syzkaller", 0) = 3 [pid 3102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3102] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3102] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3102] ioctl(4, LOOP_SET_FD, 3 [pid 3089] <... openat resumed>) = 4 [pid 3089] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3084] <... futex resumed>) = 0 [pid 3089] write(4, "#! \n", 4 [pid 3084] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3089] <... write resumed>) = 4 [pid 3084] <... futex resumed>) = 0 [pid 3089] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3089] <... futex resumed>) = 0 [pid 3084] <... futex resumed>) = 0 [pid 3089] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3084] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3103]}, 88) = 3103 [pid 3084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3084] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3084] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3101 attached [pid 3101] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3101] memfd_create("syzkaller", 0) = 3 [pid 3101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 3103 attached [pid 3103] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3103] rt_sigprocmask(SIG_SETMASK, [], [pid 3090] <... mount resumed>) = 0 [pid 3103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3103] write(4, "#! \n", 4 [pid 3101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3103] <... write resumed>) = 4 [pid 3103] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3084] <... futex resumed>) = 0 [pid 3103] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3084] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3089] <... futex resumed>) = 0 [pid 3084] <... futex resumed>) = 1 [pid 3089] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3084] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3089] <... mmap resumed>) = 0x200000000000 [pid 3089] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3102] <... ioctl resumed>) = 0 [pid 3089] <... futex resumed>) = 1 [pid 3084] <... futex resumed>) = 0 [pid 3084] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3084] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3090] <... openat resumed>) = 3 [pid 3090] chdir("./file2") = 0 [pid 3090] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3090] ioctl(4, LOOP_CLR_FD) = 0 [pid 3090] close(4) = 0 [pid 3090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3101] <... write resumed>) = 524288 [pid 3101] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3101] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3102] close(3) = 0 [pid 3102] close(4) = 0 [pid 3102] mkdir("./file2", 0777) = 0 [pid 3102] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3101] <... openat resumed>) = 4 [pid 3089] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3087] <... futex resumed>) = 0 [pid 3101] ioctl(4, LOOP_SET_FD, 3 [pid 3087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3087] <... futex resumed>) = 1 [pid 3090] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3090] <... openat resumed>) = 4 [pid 3103] <... futex resumed>) = ? [pid 3101] <... ioctl resumed>) = 0 [pid 3090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3084] <... futex resumed>) = ? [pid 3090] <... futex resumed>) = 1 [pid 3090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3101] close(3) = 0 [ 66.931027][ T3090] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 66.948169][ T3089] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3101] close(4 [pid 3103] +++ killed by SIGBUS +++ [pid 3087] <... futex resumed>) = 0 [pid 3091] <... mount resumed>) = 0 [pid 3091] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3089] +++ killed by SIGBUS +++ [pid 3084] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3084, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 3087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3087] <... futex resumed>) = 1 [pid 3090] write(4, "#! \n", 4 [pid 3087] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... write resumed>) = 4 [pid 3087] <... futex resumed>) = 0 [pid 287] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3090] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3087] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3110]}, 88) = 3110 [pid 3087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3087] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3087] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3110 attached [pid 3110] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3110] write(4, "#! \n", 4) = 4 [pid 3110] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3087] <... futex resumed>) = 0 [pid 3087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3090] <... futex resumed>) = 0 [pid 3087] <... futex resumed>) = 1 [pid 3090] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3090] <... mmap resumed>) = 0x200000000000 [pid 3090] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3087] <... futex resumed>) = 0 [pid 3110] <... futex resumed>) = 1 [pid 3102] <... mount resumed>) = 0 [pid 3091] <... openat resumed>) = 3 [pid 3087] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3091] chdir("./file2" [pid 287] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3091] <... chdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 3091] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3110] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3102] <... openat resumed>) = 3 [pid 3102] chdir("./file2") = 0 [pid 3102] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3087] <... futex resumed>) = 0 [pid 3087] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3090] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3110] <... futex resumed>) = ? [pid 3087] <... futex resumed>) = ? [pid 3110] +++ killed by SIGBUS +++ [pid 3090] +++ killed by SIGBUS +++ [pid 3087] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3087, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3102] <... openat resumed>) = 4 [pid 3101] <... close resumed>) = 0 [pid 3091] <... openat resumed>) = 4 [pid 3101] mkdir("./file2", 0777 [pid 3091] ioctl(4, LOOP_CLR_FD [pid 3102] ioctl(4, LOOP_CLR_FD [pid 3101] <... mkdir resumed>) = 0 [pid 3101] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./96/file2") = 0 [pid 287] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./96/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./96") = 0 [pid 287] mkdir("./97", 0777) = 0 [ 66.971693][ T3091] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 66.988087][ T3102] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 66.989423][ T3090] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3102] <... ioctl resumed>) = 0 [pid 3091] <... ioctl resumed>) = 0 [pid 3102] close(4 [pid 3091] close(4 [pid 3101] <... mount resumed>) = 0 [pid 3101] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3101] chdir("./file2") = 0 [pid 3101] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3102] <... close resumed>) = 0 [pid 3101] <... openat resumed>) = 4 [pid 3091] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 3102] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3102] <... futex resumed>) = 1 [pid 3099] <... futex resumed>) = 0 [pid 3091] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3102] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3099] <... futex resumed>) = 0 [pid 3091] <... futex resumed>) = 1 [pid 3086] <... futex resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3086] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3099] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] close(3 [pid 3091] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3086] <... futex resumed>) = 0 [pid 3102] <... openat resumed>) = 4 [pid 289] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 3102] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3102] <... futex resumed>) = 1 [pid 3099] <... futex resumed>) = 0 [pid 3091] <... openat resumed>) = 4 [pid 3099] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3102] write(4, "#! \n", 4 [pid 3091] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3113 [pid 3099] <... futex resumed>) = 0 [pid 3091] <... futex resumed>) = 1 [pid 3099] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... futex resumed>) = 0 [pid 3091] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3102] <... write resumed>) = 4 [pid 3099] <... futex resumed>) = 0 [pid 3091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3086] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3102] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3091] write(4, "#! \n", 4 [pid 3086] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3099] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3099] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3091] <... write resumed>) = 4 [pid 3102] <... futex resumed>) = 0 [pid 3086] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./90/file2", [pid 3102] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3099] <... mprotect resumed>) = 0 [pid 3091] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3099] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3091] <... futex resumed>) = 0 [pid 3086] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3099] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3091] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3086] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3086] <... mprotect resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3086] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3099] <... clone3 resumed> => {parent_tid=[3114]}, 88) = 3114 [pid 3086] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3099] rt_sigprocmask(SIG_SETMASK, [], [pid 3086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] <... openat resumed>) = 4 [pid 3101] ioctl(4, LOOP_CLR_FD) = 0 [pid 3099] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3086] <... clone3 resumed> => {parent_tid=[3115]}, 88) = 3115 [pid 289] newfstatat(4, "", [pid 3099] <... futex resumed>) = 0 [pid 3086] rt_sigprocmask(SIG_SETMASK, [], [pid 3099] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3101] close(4 [pid 3086] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 3086] <... futex resumed>) = 0 [pid 3101] <... close resumed>) = 0 [pid 3086] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3101] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3097] <... futex resumed>) = 0 [pid 289] getdents64(4, [pid 3097] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3101] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3097] <... futex resumed>) = 0 [pid 3101] <... openat resumed>) = 4 [pid 3097] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3101] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3097] <... futex resumed>) = 0 [pid 3101] write(4, "#! \n", 4 [pid 3097] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3101] <... write resumed>) = 4 [pid 3097] <... futex resumed>) = 0 [pid 3101] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3097] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3101] <... futex resumed>) = 0 [pid 3097] <... futex resumed>) = 0 [pid 3101] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 289] close(4 [pid 3097] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] <... close resumed>) = 0 ./strace-static-x86_64: Process 3113 attached [pid 3097] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] rmdir("./90/file2" [pid 3097] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3113] set_robust_list(0x555594a056a0, 24) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3097] <... clone3 resumed> => {parent_tid=[3116]}, 88) = 3116 [pid 3097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3097] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] newfstatat(AT_FDCWD, "./90/binderfs", [pid 3097] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3113] chdir("./97") = 0 [pid 3113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3113] setpgid(0, 0) = 0 [pid 3113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3113] write(3, "1000", 4) = 4 [pid 3113] close(3) = 0 [pid 3113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3113] write(1, "executing program\n", 18) = 18 [pid 3113] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3113] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3113] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3117]}, 88) = 3117 [pid 3113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3113] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3113] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3116 attached [pid 3116] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3116] write(4, "#! \n", 4) = 4 [pid 3116] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3097] <... futex resumed>) = 0 [pid 289] unlink("./90/binderfs" [pid 3097] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3116] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3097] <... futex resumed>) = 1 [pid 3097] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3101] <... futex resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 3101] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 289] getdents64(3, [pid 3101] <... mmap resumed>) = 0x200000000000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3101] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(3 [pid 3101] <... futex resumed>) = 1 [pid 3097] <... futex resumed>) = 0 [ 67.088605][ T3101] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3097] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 ./strace-static-x86_64: Process 3114 attached [pid 3114] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3114] write(4, "#! \n", 4) = 4 [pid 3114] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3114] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3115 attached [pid 3115] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3115] write(4, "#! \n", 4) = 4 [pid 3115] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3115] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3097] <... futex resumed>) = 0 [pid 3099] <... futex resumed>) = 0 [pid 3086] <... futex resumed>) = 0 [pid 3099] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3097] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3086] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] rmdir("./90"./strace-static-x86_64: Process 3117 attached [pid 3102] <... futex resumed>) = 0 [pid 3099] <... futex resumed>) = 1 [pid 3091] <... futex resumed>) = 0 [pid 3086] <... futex resumed>) = 1 [pid 289] <... rmdir resumed>) = 0 [pid 3102] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3099] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3091] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3086] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] mkdir("./91", 0777 [pid 3102] <... mmap resumed>) = 0x200000000000 [pid 3091] <... mmap resumed>) = 0x200000000000 [pid 3102] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 3091] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3102] <... futex resumed>) = 1 [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3091] <... futex resumed>) = 1 [pid 3086] <... futex resumed>) = 0 [pid 3101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3116] <... futex resumed>) = ? [pid 3117] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3117] memfd_create("syzkaller", 0) = 3 [pid 3117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3117] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3117] ioctl(4, LOOP_SET_FD, 3 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3099] <... futex resumed>) = 0 [pid 3099] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3091] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3086] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3091] <... futex resumed>) = 0 [pid 3086] <... futex resumed>) = 1 [pid 3102] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3097] <... futex resumed>) = ? [pid 3086] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3116] +++ killed by SIGBUS +++ [pid 3101] +++ killed by SIGBUS +++ [pid 3097] +++ killed by SIGBUS +++ [pid 3114] <... futex resumed>) = ? [pid 3099] <... futex resumed>) = ? [pid 3114] +++ killed by SIGBUS +++ [pid 3102] +++ killed by SIGBUS +++ [pid 3099] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3099, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3097, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3117] <... ioctl resumed>) = 0 [pid 3117] close(3) = 0 [pid 3117] close(4 [pid 3091] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3115] <... futex resumed>) = ? [pid 3086] <... futex resumed>) = ? [pid 3115] +++ killed by SIGBUS +++ [pid 3091] +++ killed by SIGBUS +++ [pid 3086] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3086, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 291] <... restart_syscall resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 291] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3117] <... close resumed>) = 0 [pid 3117] mkdir("./file2", 0777) = 0 [pid 3117] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./94/file2") = 0 [pid 290] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./94/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./94") = 0 [pid 290] mkdir("./95", 0777) = 0 [ 67.138814][ T3101] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 67.155581][ T3102] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 67.162290][ T3091] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] <... umount2 resumed>) = 0 [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3120 [pid 288] <... umount2 resumed>) = 0 [pid 291] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 3 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./91/file2", [pid 288] newfstatat(AT_FDCWD, "./90/file2", [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 288] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 288] close(4 [pid 291] rmdir("./91/file2") = 0 [pid 288] <... close resumed>) = 0 [pid 291] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./90/file2" [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./91/binderfs", [pid 288] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] unlink("./91/binderfs" [pid 288] newfstatat(AT_FDCWD, "./90/binderfs", [pid 291] <... unlink resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] getdents64(3, [pid 288] unlink("./90/binderfs" [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... unlink resumed>) = 0 [pid 291] close(3 [pid 288] getdents64(3, [pid 291] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] rmdir("./91" [pid 288] close(3 [pid 291] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 291] mkdir("./92", 0777 [pid 288] rmdir("./90"./strace-static-x86_64: Process 3120 attached [pid 3117] <... mount resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... rmdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] mkdir("./91", 0777 [pid 3120] set_robust_list(0x555594a056a0, 24 [pid 3117] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 288] <... mkdir resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3123 [pid 3117] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 3117] chdir("./file2" [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3117] <... chdir resumed>) = 0 [pid 291] close(3 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3./strace-static-x86_64: Process 3123 attached [pid 3120] <... set_robust_list resumed>) = 0 [pid 3117] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 3120] chdir("./91" [pid 3117] <... openat resumed>) = 4 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3120] <... chdir resumed>) = 0 [pid 3117] ioctl(4, LOOP_CLR_FD [pid 3120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3117] <... ioctl resumed>) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3124 [pid 3120] <... prctl resumed>) = 0 [pid 3117] close(4 [pid 3123] set_robust_list(0x555594a056a0, 24 [pid 3120] setpgid(0, 0 [pid 3117] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3123] <... set_robust_list resumed>) = 0 [pid 3120] <... setpgid resumed>) = 0 [pid 3117] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] chdir("./95" [pid 3120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3117] <... futex resumed>) = 1 [pid 3113] <... futex resumed>) = 0 [pid 3123] <... chdir resumed>) = 0 [pid 3120] <... openat resumed>) = 3 [pid 3117] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3113] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3120] write(3, "1000", 4 [pid 3117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3113] <... futex resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3125 [pid 3123] <... prctl resumed>) = 0 [pid 3120] <... write resumed>) = 4 [pid 3117] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3113] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3123] setpgid(0, 0) = 0 [pid 3123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3123] write(3, "1000", 4 [pid 3120] close(3 [pid 3117] <... openat resumed>) = 4 [pid 3120] <... close resumed>) = 0 [pid 3117] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... write resumed>) = 4 [pid 3120] symlink("/dev/binderfs", "./binderfs" [pid 3117] <... futex resumed>) = 1 [pid 3113] <... futex resumed>) = 0 [pid 3123] close(3 [pid 3117] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3113] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... close resumed>) = 0 [pid 3113] <... futex resumed>) = 0 [pid 3123] symlink("/dev/binderfs", "./binderfs" [pid 3120] <... symlink resumed>) = 0 [pid 3117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3113] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] <... symlink resumed>) = 0 [pid 3120] write(1, "executing program\n", 18 executing program [pid 3117] write(4, "#! \n", 4 [pid 3113] <... futex resumed>) = 0 [pid 3123] write(1, "executing program\n", 18 [pid 3113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 3123] <... write resumed>) = 18 [pid 3120] <... write resumed>) = 18 [pid 3117] <... write resumed>) = 4 [pid 3113] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3123] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3117] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3113] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3123] <... futex resumed>) = 0 [pid 3120] <... futex resumed>) = 0 [pid 3117] <... futex resumed>) = 0 [pid 3113] <... mprotect resumed>) = 0 [pid 3123] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3120] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3117] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3123] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3120] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3125 attached ./strace-static-x86_64: Process 3124 attached [pid 3123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3124] set_robust_list(0x555594a056a0, 24 [pid 3123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3113] <... clone3 resumed> => {parent_tid=[3126]}, 88) = 3126 [pid 3124] <... set_robust_list resumed>) = 0 [pid 3123] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3113] rt_sigprocmask(SIG_SETMASK, [], [pid 3125] set_robust_list(0x555594a056a0, 24 [pid 3124] chdir("./92" [pid 3123] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3120] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3124] <... chdir resumed>) = 0 [pid 3123] <... mprotect resumed>) = 0 [pid 3120] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3113] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] <... set_robust_list resumed>) = 0 [pid 3124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3123] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3120] <... mprotect resumed>) = 0 [pid 3113] <... futex resumed>) = 0 [pid 3124] <... prctl resumed>) = 0 [pid 3123] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3113] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3124] setpgid(0, 0 [pid 3123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3125] chdir("./91" [pid 3124] <... setpgid resumed>) = 0 [pid 3120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3125] <... chdir resumed>) = 0 [pid 3124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3123] <... clone3 resumed> => {parent_tid=[3127]}, 88) = 3127 [pid 3124] <... openat resumed>) = 3 [pid 3123] rt_sigprocmask(SIG_SETMASK, [], [pid 3120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3125] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3124] write(3, "1000", 4 [pid 3123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3124] <... write resumed>) = 4 [pid 3123] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] <... prctl resumed>) = 0 [pid 3124] close(3 [pid 3123] <... futex resumed>) = 0 [pid 3120] <... clone3 resumed> => {parent_tid=[3128]}, 88) = 3128 [pid 3125] setpgid(0, 0 [pid 3124] <... close resumed>) = 0 [pid 3123] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3120] rt_sigprocmask(SIG_SETMASK, [], [pid 3124] symlink("/dev/binderfs", "./binderfs" [pid 3120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3125] <... setpgid resumed>) = 0 [pid 3120] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3124] <... symlink resumed>) = 0 [pid 3120] <... futex resumed>) = 0 [pid 3124] write(1, "executing program\n", 18 executing program [pid 3120] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3125] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3126 attached [pid 3124] <... write resumed>) = 18 [pid 3126] set_robust_list(0x7f0aeccae9a0, 24 [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] write(3, "1000", 4 [pid 3126] <... set_robust_list resumed>) = 0 [pid 3124] <... futex resumed>) = 0 [pid 3126] rt_sigprocmask(SIG_SETMASK, [], [pid 3124] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3124] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3126] write(4, "#! \n", 4 [pid 3124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3126] <... write resumed>) = 4 [pid 3124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3126] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3126] <... futex resumed>) = 1 [pid 3124] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3113] <... futex resumed>) = 0 [pid 3126] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3113] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3128 attached ./strace-static-x86_64: Process 3127 attached [pid 3124] <... mprotect resumed>) = 0 [pid 3125] <... write resumed>) = 4 [pid 3117] <... futex resumed>) = 0 [pid 3113] <... futex resumed>) = 1 [pid 3128] set_robust_list(0x7f0aecccf9a0, 24 [pid 3127] set_robust_list(0x7f0aecccf9a0, 24 [pid 3125] close(3 [pid 3128] <... set_robust_list resumed>) = 0 [pid 3127] <... set_robust_list resumed>) = 0 [pid 3125] <... close resumed>) = 0 executing program [pid 3128] rt_sigprocmask(SIG_SETMASK, [], [pid 3127] rt_sigprocmask(SIG_SETMASK, [], [pid 3125] symlink("/dev/binderfs", "./binderfs" [pid 3128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3125] <... symlink resumed>) = 0 [pid 3128] memfd_create("syzkaller", 0 [pid 3127] memfd_create("syzkaller", 0 [pid 3125] write(1, "executing program\n", 18 [pid 3128] <... memfd_create resumed>) = 3 [pid 3127] <... memfd_create resumed>) = 3 [pid 3125] <... write resumed>) = 18 [pid 3128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3125] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... mmap resumed>) = 0x7f0ae48af000 [pid 3127] <... mmap resumed>) = 0x7f0ae48af000 [pid 3125] <... futex resumed>) = 0 [pid 3125] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3124] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3117] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3113] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3125] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3124] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3117] <... mmap resumed>) = 0x200000000000 [pid 3124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3117] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3113] <... futex resumed>) = 0 [pid 3124] <... clone3 resumed> => {parent_tid=[3129]}, 88) = 3129 [pid 3117] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3113] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3124] rt_sigprocmask(SIG_SETMASK, [], [pid 3117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3113] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3129 attached [pid 3128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3129] set_robust_list(0x7f0aecccf9a0, 24 [pid 3128] <... write resumed>) = 524288 [pid 3127] <... write resumed>) = 524288 [pid 3125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3129] <... set_robust_list resumed>) = 0 [pid 3128] munmap(0x7f0ae48af000, 138412032 [pid 3127] munmap(0x7f0ae48af000, 138412032 [pid 3125] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3129] rt_sigprocmask(SIG_SETMASK, [], [pid 3128] <... munmap resumed>) = 0 [pid 3127] <... munmap resumed>) = 0 [pid 3125] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3127] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3125] <... mprotect resumed>) = 0 [pid 3129] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3128] <... openat resumed>) = 4 [pid 3127] <... openat resumed>) = 4 [pid 3125] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3128] ioctl(4, LOOP_SET_FD, 3 [pid 3127] ioctl(4, LOOP_SET_FD, 3 [pid 3125] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3131]}, 88) = 3131 [pid 3125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3125] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3125] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3113] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3129] <... futex resumed>) = 0 [pid 3124] <... futex resumed>) = 1 [pid 3129] memfd_create("syzkaller", 0 [ 67.379492][ T3117] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3129] <... memfd_create resumed>) = 3 [pid 3129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3131 attached [pid 3128] <... ioctl resumed>) = 0 [pid 3117] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3129] <... write resumed>) = 524288 [pid 3131] set_robust_list(0x7f0aecccf9a0, 24 [pid 3129] munmap(0x7f0ae48af000, 138412032 [pid 3128] close(3 [pid 3127] <... ioctl resumed>) = 0 [pid 3113] <... futex resumed>) = ? [pid 3131] <... set_robust_list resumed>) = 0 [pid 3129] <... munmap resumed>) = 0 [pid 3128] <... close resumed>) = 0 [pid 3127] close(3 [pid 3131] rt_sigprocmask(SIG_SETMASK, [], [pid 3129] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3128] close(4 [pid 3127] <... close resumed>) = 0 [pid 3131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3129] <... openat resumed>) = 4 [pid 3128] <... close resumed>) = 0 [pid 3127] close(4 [pid 3126] <... futex resumed>) = ? [pid 3131] memfd_create("syzkaller", 0 [pid 3129] ioctl(4, LOOP_SET_FD, 3 [pid 3128] mkdir("./file2", 0777 [pid 3127] <... close resumed>) = 0 [pid 3131] <... memfd_create resumed>) = 3 [pid 3128] <... mkdir resumed>) = 0 [pid 3127] mkdir("./file2", 0777 [pid 3131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3128] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3126] +++ killed by SIGBUS +++ [pid 3131] <... mmap resumed>) = 0x7f0ae48af000 [pid 3129] <... ioctl resumed>) = 0 [pid 3127] <... mkdir resumed>) = 0 [pid 3117] +++ killed by SIGBUS +++ [pid 3113] +++ killed by SIGBUS +++ [pid 3129] close(3) = 0 [pid 3129] close(4 [pid 3127] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3113, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3131] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3131] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3131] <... openat resumed>) = 4 [pid 3129] <... close resumed>) = 0 [pid 3131] ioctl(4, LOOP_SET_FD, 3 [pid 3129] mkdir("./file2", 0777) = 0 [ 67.417041][ T3117] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3129] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3127] <... mount resumed>) = 0 [pid 3127] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3127] chdir("./file2") = 0 [pid 3127] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3128] <... mount resumed>) = 0 [pid 3128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3128] chdir("./file2") = 0 [pid 3128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3131] <... ioctl resumed>) = 0 [pid 3128] <... openat resumed>) = 4 [pid 3127] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 3128] ioctl(4, LOOP_CLR_FD [pid 3127] ioctl(4, LOOP_CLR_FD [pid 3128] <... ioctl resumed>) = 0 [pid 3127] <... ioctl resumed>) = 0 [pid 287] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3128] close(4 [pid 3127] close(4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3131] close(3 [pid 3128] <... close resumed>) = 0 [pid 3127] <... close resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./97/file2", [pid 3128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 1 [pid 3127] <... futex resumed>) = 1 [pid 3123] <... futex resumed>) = 0 [pid 3120] <... futex resumed>) = 0 [pid 3128] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3127] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3123] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3123] <... futex resumed>) = 0 [pid 3120] <... futex resumed>) = 0 [pid 3128] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3127] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3123] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3120] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3131] <... close resumed>) = 0 [pid 3128] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3131] close(4 [pid 3128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] <... openat resumed>) = 4 [pid 3131] <... close resumed>) = 0 [pid 3128] <... futex resumed>) = 1 [pid 3127] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] <... futex resumed>) = 0 [pid 287] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3131] mkdir("./file2", 0777 [pid 3128] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3127] <... futex resumed>) = 1 [pid 3123] <... futex resumed>) = 0 [pid 3120] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... mkdir resumed>) = 0 [pid 3128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3127] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3123] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3131] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3128] write(4, "#! \n", 4 [pid 3127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3123] <... futex resumed>) = 0 [pid 3120] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] write(4, "#! \n", 4 [pid 3128] <... write resumed>) = 4 [pid 3123] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] <... write resumed>) = 4 [pid 3123] <... futex resumed>) = 0 [pid 3120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... openat resumed>) = 4 [pid 3128] <... futex resumed>) = 0 [pid 3127] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3120] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] newfstatat(4, "", [pid 3128] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3127] <... futex resumed>) = 0 [pid 3123] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3120] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3127] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3123] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3120] <... mprotect resumed>) = 0 [pid 287] getdents64(4, [pid 3123] <... mprotect resumed>) = 0 [pid 3120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3123] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] getdents64(4, [pid 3123] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] close(4 [pid 3120] <... clone3 resumed> => {parent_tid=[3140]}, 88) = 3140 [pid 287] <... close resumed>) = 0 [pid 3123] <... clone3 resumed> => {parent_tid=[3141]}, 88) = 3141 [pid 3120] rt_sigprocmask(SIG_SETMASK, [], [pid 287] rmdir("./97/file2"./strace-static-x86_64: Process 3141 attached ./strace-static-x86_64: Process 3140 attached [pid 3123] rt_sigprocmask(SIG_SETMASK, [], [pid 3120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3120] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3123] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3120] <... futex resumed>) = 0 [pid 3123] <... futex resumed>) = 0 [pid 3120] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3123] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3141] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3141] write(4, "#! \n", 4) = 4 [pid 3141] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3123] <... futex resumed>) = 0 [pid 3141] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3123] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3127] <... futex resumed>) = 0 [pid 3123] <... futex resumed>) = 1 [pid 3127] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3123] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3127] <... mmap resumed>) = 0x200000000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3127] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3140] set_robust_list(0x7f0aeccae9a0, 24 [pid 3127] <... futex resumed>) = 1 [pid 3123] <... futex resumed>) = 0 [pid 3140] <... set_robust_list resumed>) = 0 [pid 3127] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3123] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3140] rt_sigprocmask(SIG_SETMASK, [], [pid 3127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3123] <... futex resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 67.468737][ T3127] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 67.468762][ T3128] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 287] unlink("./97/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./97") = 0 [pid 287] mkdir("./98", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3143 ./strace-static-x86_64: Process 3143 attached [pid 3143] set_robust_list(0x555594a056a0, 24) = 0 [pid 3143] chdir("./98") = 0 [pid 3143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3143] setpgid(0, 0) = 0 [pid 3143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3143] write(3, "1000", 4) = 4 [pid 3143] close(3) = 0 [pid 3143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3143] write(1, "executing program\n", 18executing program ) = 18 [pid 3123] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3143] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3143] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3144]}, 88) = 3144 [pid 3143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3143] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3143] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3144 attached [pid 3144] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3144] memfd_create("syzkaller", 0) = 3 [pid 3144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3144] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3144] close(3 [pid 3140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3129] <... mount resumed>) = 0 [pid 3127] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3140] write(4, "#! \n", 4) = 4 [pid 3140] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3120] <... futex resumed>) = 0 [pid 3140] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3120] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3128] <... futex resumed>) = 0 [pid 3120] <... futex resumed>) = 1 [pid 3128] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3120] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3128] <... mmap resumed>) = 0x200000000000 [pid 3128] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3120] <... futex resumed>) = 0 [pid 3144] <... close resumed>) = 0 [pid 3141] <... futex resumed>) = ? [pid 3129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3123] <... futex resumed>) = ? [pid 3120] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3144] close(4) = 0 [pid 3144] mkdir("./file2", 0777) = 0 [pid 3144] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3120] <... futex resumed>) = 0 [pid 3120] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3128] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3129] <... openat resumed>) = 3 [pid 3141] +++ killed by SIGBUS +++ [pid 3140] <... futex resumed>) = ? [pid 3129] chdir("./file2" [pid 3120] <... futex resumed>) = ? [pid 3129] <... chdir resumed>) = 0 [pid 3140] +++ killed by SIGBUS +++ [pid 3129] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 67.530226][ T3127] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 67.545866][ T3129] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 67.561453][ T3128] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3129] ioctl(4, LOOP_CLR_FD) = 0 [pid 3129] close(4 [pid 3128] +++ killed by SIGBUS +++ [pid 3127] +++ killed by SIGBUS +++ [pid 3123] +++ killed by SIGBUS +++ [pid 3120] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3123, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3120, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3129] <... close resumed>) = 0 [pid 3129] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3129] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 290] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 289] newfstatat(3, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 289] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3124] <... futex resumed>) = 0 [pid 3131] <... mount resumed>) = 0 [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3129] <... futex resumed>) = 0 [pid 3124] <... futex resumed>) = 1 [pid 3129] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... openat resumed>) = 4 [pid 3129] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... openat resumed>) = 3 [pid 3129] <... futex resumed>) = 1 [pid 3124] <... futex resumed>) = 0 [pid 3131] chdir("./file2" [pid 3129] write(4, "#! \n", 4 [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... chdir resumed>) = 0 [pid 3129] <... write resumed>) = 4 [pid 3124] <... futex resumed>) = 0 [pid 3131] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3129] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3129] <... futex resumed>) = 0 [pid 3129] write(4, "#! \n", 4) = 4 [pid 3129] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3129] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 3124] <... futex resumed>) = 1 [pid 3129] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3129] <... futex resumed>) = 0 [pid 3124] <... futex resumed>) = 1 [pid 3129] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] <... mmap resumed>) = 0x200000000000 [pid 3129] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3124] <... futex resumed>) = 0 [pid 3129] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3124] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3124] <... futex resumed>) = 0 [pid 3144] <... mount resumed>) = 0 [pid 3144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3144] chdir("./file2") = 0 [pid 3144] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3124] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3129] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3124] <... futex resumed>) = ? [pid 3129] +++ killed by SIGBUS +++ [pid 3124] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3124, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./95/file2") = 0 [pid 290] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./95/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./95") = 0 [pid 290] mkdir("./96", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 67.579713][ T3131] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 67.598617][ T3144] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 67.601055][ T3129] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3144] <... openat resumed>) = 4 [pid 3131] <... openat resumed>) = 4 [pid 3144] ioctl(4, LOOP_CLR_FD [pid 3131] ioctl(4, LOOP_CLR_FD [pid 3144] <... ioctl resumed>) = 0 [pid 3131] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3144] close(4 [pid 3131] close(4 [pid 289] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3144] <... close resumed>) = 0 [pid 3131] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3144] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./91/file2", [pid 3144] <... futex resumed>) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3131] <... futex resumed>) = 1 [pid 3125] <... futex resumed>) = 0 [pid 291] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3144] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3143] <... futex resumed>) = 0 [pid 3131] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3125] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] getdents64(4, [pid 3144] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3143] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3125] <... futex resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3125] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] close(4) = 0 [pid 3144] <... openat resumed>) = 4 [pid 289] rmdir("./91/file2" [pid 3144] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... openat resumed>) = 4 [pid 291] newfstatat(AT_FDCWD, "./92/file2", [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... rmdir resumed>) = 0 [pid 3144] <... futex resumed>) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3131] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3144] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... futex resumed>) = 1 [pid 3125] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3143] <... futex resumed>) = 0 [pid 3131] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3125] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(AT_FDCWD, "./91/binderfs", [pid 3144] write(4, "#! \n", 4 [pid 3143] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3125] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] close(3 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3144] <... write resumed>) = 4 [pid 3143] <... futex resumed>) = 0 [pid 3131] write(4, "#! \n", 4 [pid 3125] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... close resumed>) = 0 [pid 289] unlink("./91/binderfs" [pid 3144] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3131] <... write resumed>) = 4 [pid 3125] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... unlink resumed>) = 0 [pid 3144] <... futex resumed>) = 0 [pid 3143] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3131] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] newfstatat(4, "", [pid 289] getdents64(3, [pid 3144] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3131] <... futex resumed>) = 0 [pid 3125] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3143] <... mprotect resumed>) = 0 [pid 3131] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3125] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] getdents64(4, [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3150 [pid 289] close(3 [pid 3143] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3125] <... mprotect resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... close resumed>) = 0 [pid 3143] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3125] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] getdents64(4, [pid 289] rmdir("./91" [pid 3143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3125] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 3125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] close(4 [pid 289] mkdir("./92", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3143] <... clone3 resumed> => {parent_tid=[3151]}, 88) = 3151 [pid 291] <... close resumed>) = 0 [pid 3143] rt_sigprocmask(SIG_SETMASK, [], [pid 3125] <... clone3 resumed> => {parent_tid=[3152]}, 88) = 3152 [pid 291] rmdir("./92/file2" [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3153 [pid 3143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3125] rt_sigprocmask(SIG_SETMASK, [], [pid 3143] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 3143] <... futex resumed>) = 0 [pid 3125] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3143] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3125] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3125] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./92/binderfs"./strace-static-x86_64: Process 3150 attached ./strace-static-x86_64: Process 3152 attached ) = 0 [pid 3152] set_robust_list(0x7f0aeccae9a0, 24 [pid 291] getdents64(3, [pid 3152] <... set_robust_list resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3152] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(3 [pid 3152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 3152] write(4, "#! \n", 4 [pid 291] rmdir("./92" [pid 3150] set_robust_list(0x555594a056a0, 24 [pid 291] <... rmdir resumed>) = 0 [pid 3152] <... write resumed>) = 4 ./strace-static-x86_64: Process 3153 attached [pid 291] mkdir("./93", 0777 [pid 3150] <... set_robust_list resumed>) = 0 [pid 3153] set_robust_list(0x555594a056a0, 24 [pid 3152] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] chdir("./96" [pid 291] <... mkdir resumed>) = 0 [pid 3153] <... set_robust_list resumed>) = 0 [pid 3152] <... futex resumed>) = 1 [pid 3150] <... chdir resumed>) = 0 [pid 3125] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3152] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3125] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3151 attached [pid 3153] chdir("./92" [pid 3131] <... futex resumed>) = 0 [pid 3125] <... futex resumed>) = 1 [pid 291] <... openat resumed>) = 3 [pid 3131] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3125] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, LOOP_CLR_FD [pid 3153] <... chdir resumed>) = 0 [pid 3151] set_robust_list(0x7f0aeccae9a0, 24 [pid 3131] <... mmap resumed>) = 0x200000000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3153] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3151] <... set_robust_list resumed>) = 0 [pid 3131] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 3153] <... prctl resumed>) = 0 [pid 3131] <... futex resumed>) = 1 [pid 3125] <... futex resumed>) = 0 [pid 3150] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... close resumed>) = 0 [pid 3125] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] <... prctl resumed>) = 0 [pid 3150] setpgid(0, 0) = 0 [pid 3150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3150] write(3, "1000", 4) = 4 [pid 3150] close(3) = 0 [pid 3150] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3150] write(1, "executing program\n", 18) = 18 [pid 3150] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3150] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3154]}, 88) = 3154 [pid 3150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3150] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3154 attached [pid 3154] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3154] memfd_create("syzkaller", 0) = 3 [pid 3154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3154] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3154] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3154] close(3) = 0 [pid 3154] close(4 [pid 3125] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3125] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3153] setpgid(0, 0 [pid 3151] rt_sigprocmask(SIG_SETMASK, [], [pid 3153] <... setpgid resumed>) = 0 [pid 3151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3156 [pid 3153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3151] write(4, "#! \n", 4 [pid 3131] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3153] <... openat resumed>) = 3 [pid 3152] <... futex resumed>) = ? [pid 3151] <... write resumed>) = 4 [pid 3125] <... futex resumed>) = ? [pid 3153] write(3, "1000", 4 [pid 3151] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... write resumed>) = 4 [pid 3152] +++ killed by SIGBUS +++ [pid 3151] <... futex resumed>) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3153] close(3 [pid 3151] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... close resumed>) = 0 [pid 3143] <... futex resumed>) = 1 [pid 3144] <... futex resumed>) = 0 [pid 3153] symlink("/dev/binderfs", "./binderfs" [pid 3144] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3143] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 3153] <... symlink resumed>) = 0 [pid 3153] write(1, "executing program\n", 18 [pid 3144] <... mmap resumed>) = 0x200000000000 [pid 3153] <... write resumed>) = 18 [pid 3144] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3144] <... futex resumed>) = 1 [pid 3143] <... futex resumed>) = 0 [pid 3153] <... futex resumed>) = 0 [pid 3144] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3143] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3153] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3143] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3156 attached [pid 3156] set_robust_list(0x555594a056a0, 24) = 0 [pid 3156] chdir("./93") = 0 [pid 3156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3156] setpgid(0, 0) = 0 [pid 3156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3156] write(3, "1000", 4) = 4 [pid 3156] close(3) = 0 [pid 3156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3156] write(1, "executing program\n", 18executing program ) = 18 [pid 3156] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3156] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3157]}, 88) = 3157 [pid 3156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3156] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3157 attached [pid 3157] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3157] memfd_create("syzkaller", 0) = 3 [pid 3157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3157] munmap(0x7f0ae48af000, 138412032 [pid 3143] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] <... munmap resumed>) = 0 [pid 3153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3131] +++ killed by SIGBUS +++ [pid 3125] +++ killed by SIGBUS +++ [pid 3153] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3157] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3153] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3144] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3125, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3153] <... mprotect resumed>) = 0 [pid 3151] <... futex resumed>) = ? [pid 3143] <... futex resumed>) = ? [pid 3153] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... restart_syscall resumed>) = 0 [pid 3153] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3151] +++ killed by SIGBUS +++ [pid 3153] <... clone3 resumed> => {parent_tid=[3158]}, 88) = 3158 [pid 3153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 288] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3158 attached [pid 3144] +++ killed by SIGBUS +++ [pid 3143] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3143, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 3158] set_robust_list(0x7f0aecccf9a0, 24 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3158] <... set_robust_list resumed>) = 0 [pid 3158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3158] memfd_create("syzkaller", 0) = 3 [pid 3158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3157] <... openat resumed>) = 4 [pid 3154] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 3157] ioctl(4, LOOP_SET_FD, 3 [pid 3154] mkdir("./file2", 0777 [pid 288] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3154] <... mkdir resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3154] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] newfstatat(AT_FDCWD, "./91/file2", [pid 3157] <... ioctl resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3157] close(3 [pid 288] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... restart_syscall resumed>) = 0 [pid 3157] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3157] close(4 [pid 288] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3158] <... write resumed>) = 524288 [pid 288] newfstatat(4, "", [pid 287] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... openat resumed>) = 3 [pid 288] getdents64(4, [pid 287] newfstatat(3, "", [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3158] munmap(0x7f0ae48af000, 138412032 [pid 288] getdents64(4, [pid 287] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] close(4 [pid 287] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3158] <... munmap resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 288] rmdir("./91/file2" [pid 3158] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... rmdir resumed>) = 0 [pid 288] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./91/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./91") = 0 [pid 288] mkdir("./92", 0777) = 0 [ 67.741800][ T3131] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 67.759442][ T3144] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3158] <... openat resumed>) = 4 [pid 3157] <... close resumed>) = 0 [pid 3158] ioctl(4, LOOP_SET_FD, 3 [pid 3157] mkdir("./file2", 0777) = 0 [pid 3157] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3158] <... ioctl resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 3158] close(3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3158] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3158] close(4 [pid 288] close(3 [pid 287] newfstatat(AT_FDCWD, "./98/file2", [pid 3158] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 3158] mkdir("./file2", 0777 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3158] <... mkdir resumed>) = 0 [pid 287] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3158] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3163 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 3163 attached [pid 3163] set_robust_list(0x555594a056a0, 24) = 0 [pid 3163] chdir("./92") = 0 [pid 3163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3163] setpgid(0, 0) = 0 [pid 287] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./98/file2" [pid 3163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3163] write(3, "1000", 4) = 4 [pid 3163] close(3) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./98/binderfs" [pid 3163] symlink("/dev/binderfs", "./binderfs" [pid 287] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 3163] <... symlink resumed>) = 0 [pid 3163] write(1, "executing program\n", 18executing program ) = 18 [pid 3163] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./98" [pid 3163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./99", 0777 [pid 3163] <... mmap resumed>) = 0x7f0aeccaf000 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 3163] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3167 [pid 3163] <... clone3 resumed> => {parent_tid=[3168]}, 88) = 3168 [pid 3163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3163] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3168 attached ./strace-static-x86_64: Process 3167 attached [pid 3154] <... mount resumed>) = 0 [pid 3154] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3154] chdir("./file2") = 0 [pid 3154] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3154] ioctl(4, LOOP_CLR_FD) = 0 [pid 3154] close(4) = 0 [pid 3154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] <... futex resumed>) = 0 [pid 3150] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3154] <... futex resumed>) = 1 [pid 3154] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] <... futex resumed>) = 0 [pid 3150] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3150] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3169]}, 88) = 3169 [pid 3150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3150] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3150] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3154] <... futex resumed>) = 1 [pid 3154] write(4, "#! \n", 4) = 4 [pid 3154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3167] set_robust_list(0x555594a056a0, 24) = 0 [pid 3167] chdir("./99") = 0 [pid 3167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3167] setpgid(0, 0) = 0 [pid 3167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3157] <... mount resumed>) = 0 [pid 3157] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3168] set_robust_list(0x7f0aecccf9a0, 24 [pid 3157] chdir("./file2") = 0 [pid 3157] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3157] ioctl(4, LOOP_CLR_FD) = 0 [pid 3157] close(4) = 0 [pid 3157] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3156] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] <... futex resumed>) = 1 [pid 3157] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 3169 attached [pid 3169] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3169] rt_sigprocmask(SIG_SETMASK, [], [pid 3157] <... openat resumed>) = 4 [pid 3169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3169] write(4, "#! \n", 4) = 4 [pid 3169] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3150] <... futex resumed>) = 0 [pid 3150] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3154] <... futex resumed>) = 0 [pid 3150] <... futex resumed>) = 1 [pid 3154] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3150] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... set_robust_list resumed>) = 0 [pid 3157] <... futex resumed>) = 1 [pid 3156] <... futex resumed>) = 0 [pid 3154] <... mmap resumed>) = 0x200000000000 [pid 3167] <... openat resumed>) = 3 [pid 3157] write(4, "#! \n", 4 [pid 3156] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3156] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3154] <... futex resumed>) = 1 [pid 3150] <... futex resumed>) = 0 [pid 3156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3169] <... futex resumed>) = 1 [pid 3168] rt_sigprocmask(SIG_SETMASK, [], [pid 3167] write(3, "1000", 4 [pid 3157] <... write resumed>) = 4 [pid 3156] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3150] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3167] <... write resumed>) = 4 [pid 3157] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3156] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3168] memfd_create("syzkaller", 0 [pid 3167] close(3 [pid 3157] <... futex resumed>) = 0 [pid 3156] <... mprotect resumed>) = 0 [pid 3168] <... memfd_create resumed>) = 3 [pid 3167] <... close resumed>) = 0 [pid 3157] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3167] symlink("/dev/binderfs", "./binderfs" [pid 3156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3168] <... mmap resumed>) = 0x7f0ae48af000 [pid 3167] <... symlink resumed>) = 0 [pid 3156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}executing program [pid 3168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3167] write(1, "executing program\n", 18) = 18 [pid 3156] <... clone3 resumed> => {parent_tid=[3171]}, 88) = 3171 [pid 3167] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3156] rt_sigprocmask(SIG_SETMASK, [], [pid 3167] <... futex resumed>) = 0 [pid 3156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3167] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3156] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3167] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3156] <... futex resumed>) = 0 [pid 3167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3156] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3167] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 68.018063][ T3154] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 68.024991][ T3157] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 68.050616][ T3154] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 3171 attached [pid 3169] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3168] <... write resumed>) = 524288 [pid 3154] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3150] <... futex resumed>) = 0 [pid 3150] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3168] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3168] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3168] ioctl(4, LOOP_SET_FD, 3 [pid 3150] <... futex resumed>) = ? [pid 3169] <... futex resumed>) = ? [pid 3169] +++ killed by SIGBUS +++ [pid 3154] +++ killed by SIGBUS +++ [pid 3150] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3150, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3171] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3171] write(4, "#! \n", 4) = 4 [pid 3171] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3171] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3167] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3167] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3173]}, 88) = 3173 [pid 3167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3167] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3167] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3168] <... ioctl resumed>) = 0 [pid 3168] close(3) = 0 [pid 3168] close(4 [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3156] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3173 attached [pid 3173] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3173] memfd_create("syzkaller", 0) = 3 [pid 3173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3157] <... futex resumed>) = 0 [pid 3157] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3157] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3158] <... mount resumed>) = 0 [pid 3158] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3157] <... futex resumed>) = 1 [pid 3156] <... futex resumed>) = 0 [pid 3158] chdir("./file2") = 0 [pid 3158] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3156] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3173] <... write resumed>) = 524288 [pid 3173] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3173] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3156] <... futex resumed>) = 0 [pid 3156] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3157] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3171] <... futex resumed>) = ? [pid 3156] <... futex resumed>) = ? [pid 3171] +++ killed by SIGBUS +++ [pid 3168] <... close resumed>) = 0 [pid 3168] mkdir("./file2", 0777) = 0 [pid 3157] +++ killed by SIGBUS +++ [pid 3156] +++ killed by SIGBUS +++ [pid 3168] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3156, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3158] <... openat resumed>) = 4 [pid 3158] ioctl(4, LOOP_CLR_FD) = 0 [pid 3158] close(4) = 0 [pid 3158] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] <... futex resumed>) = 1 [pid 3158] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3158] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3153] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3174]}, 88) = 3174 [pid 3153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3153] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] <... futex resumed>) = 1 [pid 3158] write(4, "#! \n", 4) = 4 [pid 3158] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3158] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3174 attached [pid 3174] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3174] write(4, "#! \n", 4) = 4 [pid 3174] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] <... futex resumed>) = 0 [pid 3158] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3158] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3153] <... futex resumed>) = 0 [pid 3153] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3153] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3158] <... futex resumed>) = 1 [pid 3174] <... futex resumed>) = 1 [ 68.066278][ T3158] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 68.082010][ T3157] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3174] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3158] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3174] <... futex resumed>) = ? [pid 3153] <... futex resumed>) = ? [pid 3174] +++ killed by SIGBUS +++ [pid 3158] +++ killed by SIGBUS +++ [pid 3153] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3153, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3168] <... mount resumed>) = 0 [pid 3168] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3168] chdir("./file2") = 0 [pid 3168] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3173] <... openat resumed>) = 4 [ 68.116224][ T3158] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 68.132402][ T3168] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3173] ioctl(4, LOOP_SET_FD, 3 [pid 3168] <... openat resumed>) = 4 [pid 3168] ioctl(4, LOOP_CLR_FD) = 0 [pid 3168] close(4) = 0 [pid 3168] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3163] <... futex resumed>) = 0 [pid 3168] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3163] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3163] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] <... ioctl resumed>) = 0 [pid 3168] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 3168] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3168] <... futex resumed>) = 1 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3168] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] newfstatat(AT_FDCWD, "./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3163] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 290] <... umount2 resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./93/file2") = 0 [pid 291] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./93/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./93") = 0 [pid 291] mkdir("./94", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3173] close(3 [pid 3163] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 3 [pid 290] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 3173] <... close resumed>) = 0 [pid 3163] <... futex resumed>) = 1 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3173] close(4 [pid 3163] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3163] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./92/file2", [pid 3163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] newfstatat(AT_FDCWD, "./96/file2", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3163] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3163] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3168] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3163] <... mprotect resumed>) = 0 [pid 289] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3163] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... openat resumed>) = 4 [pid 3163] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] newfstatat(4, "", [pid 3163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] getdents64(4, [pid 3163] <... clone3 resumed> => {parent_tid=[3178]}, 88) = 3178 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3163] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... openat resumed>) = 4 [pid 289] getdents64(4, [pid 3168] write(4, "#! \n", 4 [pid 3163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] newfstatat(4, "", [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3163] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] close(4 [pid 3168] <... write resumed>) = 4 [pid 3163] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... close resumed>) = 0 [pid 3168] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3163] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] getdents64(4, [pid 289] rmdir("./92/file2"./strace-static-x86_64: Process 3178 attached [pid 3168] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3178] set_robust_list(0x7f0aeccae9a0, 24 [pid 3168] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] getdents64(4, [pid 289] unlink("./92/binderfs" [pid 3178] <... set_robust_list resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... unlink resumed>) = 0 [pid 290] close(4 [pid 289] getdents64(3, [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./96/file2" [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3178] rt_sigprocmask(SIG_SETMASK, [], [pid 289] close(3 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 290] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./92" [pid 3178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3178] write(4, "#! \n", 4 [pid 289] <... rmdir resumed>) = 0 [pid 3178] <... write resumed>) = 4 [pid 290] newfstatat(AT_FDCWD, "./96/binderfs", [pid 289] mkdir("./93", 0777 [pid 3178] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3178] <... futex resumed>) = 1 [pid 3163] <... futex resumed>) = 0 [pid 290] unlink("./96/binderfs" [pid 289] <... mkdir resumed>) = 0 [pid 3163] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3168] <... futex resumed>) = 0 [pid 3163] <... futex resumed>) = 1 [pid 3178] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... unlink resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3168] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3163] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3168] <... mmap resumed>) = 0x200000000000 [pid 290] getdents64(3, [pid 3168] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3163] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3168] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3163] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 3168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3163] <... futex resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./96") = 0 [pid 290] mkdir("./97", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3163] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3168] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3178] <... futex resumed>) = ? [pid 3163] <... futex resumed>) = ? [pid 3178] +++ killed by SIGBUS +++ [pid 3168] +++ killed by SIGBUS +++ [pid 3163] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3163, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3173] <... close resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 3173] mkdir("./file2", 0777 [pid 291] close(3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 3173] <... mkdir resumed>) = 0 [pid 288] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", [pid 3173] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] close(3 [pid 289] close(3./strace-static-x86_64: Process 3179 attached [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3179 [pid 3179] set_robust_list(0x555594a056a0, 24) = 0 [pid 3179] chdir("./94") = 0 [pid 3179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3179] setpgid(0, 0) = 0 [pid 3179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3179] write(3, "1000", 4) = 4 [pid 3179] close(3) = 0 [pid 3179] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3179] write(1, "executing program\n", 18) = 18 [pid 3179] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3179] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3179] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3180]}, 88) = 3180 [pid 3179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3179] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3179] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3180 attached [pid 3180] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3180] memfd_create("syzkaller", 0) = 3 [pid 3180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [ 68.220094][ T3168] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3180] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3180] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3173] <... mount resumed>) = 0 [pid 3173] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3173] chdir("./file2") = 0 [pid 3173] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3180] <... openat resumed>) = 4 [pid 3173] <... openat resumed>) = 4 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 3180] ioctl(4, LOOP_SET_FD, 3 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3185 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3184 [pid 288] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./92/file2") = 0 ./strace-static-x86_64: Process 3185 attached ./strace-static-x86_64: Process 3184 attached [pid 3180] <... ioctl resumed>) = 0 [pid 3173] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3180] close(3) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3180] close(4 [pid 288] newfstatat(AT_FDCWD, "./92/binderfs", [pid 3185] set_robust_list(0x555594a056a0, 24 [pid 3184] set_robust_list(0x555594a056a0, 24 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./92/binderfs" [pid 3185] <... set_robust_list resumed>) = 0 [pid 3184] <... set_robust_list resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 3185] chdir("./97") = 0 [pid 3185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3185] setpgid(0, 0) = 0 [pid 3185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] getdents64(3, [pid 3185] <... openat resumed>) = 3 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3185] write(3, "1000", 4) = 4 [pid 3185] close(3) = 0 [pid 3185] symlink("/dev/binderfs", "./binderfs" [pid 3184] chdir("./93" [pid 3185] <... symlink resumed>) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./92" [pid 3185] write(1, "executing program\n", 18 [pid 3184] <... chdir resumed>) = 0 executing program [pid 288] <... rmdir resumed>) = 0 [pid 3185] <... write resumed>) = 18 [pid 3184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3184] setpgid(0, 0) = 0 [pid 3184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] mkdir("./93", 0777 [pid 3185] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] <... openat resumed>) = 3 [pid 3184] write(3, "1000", 4) = 4 [pid 3184] close(3) = 0 executing program [pid 3184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3184] write(1, "executing program\n", 18) = 18 [pid 3184] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3184] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3184] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 3184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3187]}, 88) = 3187 [pid 3184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3184] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3184] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3187 attached [pid 3187] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3187] memfd_create("syzkaller", 0 [pid 3185] <... futex resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3187] <... memfd_create resumed>) = 3 [pid 3187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3185] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3185] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3188]}, 88) = 3188 [pid 3185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3188 attached [pid 3188] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3188] memfd_create("syzkaller", 0 [pid 3187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3188] <... memfd_create resumed>) = 3 [pid 3188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3187] <... write resumed>) = 524288 [pid 3187] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3187] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3188] munmap(0x7f0ae48af000, 138412032) = 0 [ 68.288584][ T3173] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3188] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3180] <... close resumed>) = 0 [pid 3173] <... ioctl resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 3180] mkdir("./file2", 0777 [pid 3188] <... openat resumed>) = 4 [pid 3188] ioctl(4, LOOP_SET_FD, 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3173] close(4 [pid 3188] <... ioctl resumed>) = 0 [pid 3188] close(3) = 0 [pid 3188] close(4 [pid 3187] <... openat resumed>) = 4 [pid 3180] <... mkdir resumed>) = 0 [pid 3187] ioctl(4, LOOP_SET_FD, 3 [pid 3180] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3188] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3173] <... close resumed>) = 0 [pid 3188] mkdir("./file2", 0777) = 0 [pid 3187] <... ioctl resumed>) = 0 [pid 3173] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] close(3 [pid 3187] close(3 [pid 3173] <... futex resumed>) = 1 [pid 3167] <... futex resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 3187] <... close resumed>) = 0 [pid 3173] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3167] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3187] close(4 [pid 3173] <... openat resumed>) = 4 [pid 3167] <... futex resumed>) = 0 [pid 3173] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3167] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] <... futex resumed>) = 0 [pid 3167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3191 ./strace-static-x86_64: Process 3191 attached [pid 3188] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3173] write(4, "#! \n", 4 [pid 3167] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3191] set_robust_list(0x555594a056a0, 24) = 0 [pid 3191] chdir("./93" [pid 3167] <... futex resumed>) = 0 [pid 3191] <... chdir resumed>) = 0 [pid 3191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3173] <... write resumed>) = 4 [pid 3167] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3173] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3191] setpgid(0, 0) = 0 [pid 3191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3191] write(3, "1000", 4) = 4 [pid 3191] close(3) = 0 [pid 3191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3167] <... futex resumed>) = 0 [pid 3173] <... futex resumed>) = 0 [pid 3167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3173] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3167] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3167] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITEexecuting program ) = 0 [pid 3167] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3191] write(1, "executing program\n", 18 [pid 3167] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3191] <... write resumed>) = 18 [pid 3191] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3191] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3167] <... clone3 resumed> => {parent_tid=[3192]}, 88) = 3192 [pid 3191] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3191] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3167] rt_sigprocmask(SIG_SETMASK, [], [pid 3191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3167] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3167] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3191] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3191] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 3192 attached [pid 3191] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3192] set_robust_list(0x7f0aeccae9a0, 24 [pid 3191] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3193]}, 88) = 3193 [pid 3191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3191] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3191] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3192] <... set_robust_list resumed>) = 0 [pid 3192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3192] write(4, "#! \n", 4) = 4 [pid 3192] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3167] <... futex resumed>) = 0 [pid 3167] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3173] <... futex resumed>) = 0 [pid 3167] <... futex resumed>) = 1 [pid 3173] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3167] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3193 attached [pid 3173] <... mmap resumed>) = 0x200000000000 [pid 3173] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3167] <... futex resumed>) = 0 [pid 3173] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3167] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3167] <... futex resumed>) = 0 [pid 3193] set_robust_list(0x7f0aecccf9a0, 24 [pid 3192] <... futex resumed>) = 1 [pid 3193] <... set_robust_list resumed>) = 0 [pid 3192] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3193] memfd_create("syzkaller", 0) = 3 [pid 3193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3193] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3193] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3167] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3173] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3167] <... futex resumed>) = ? [pid 3192] <... futex resumed>) = ? [pid 3192] +++ killed by SIGBUS +++ [pid 3173] +++ killed by SIGBUS +++ [pid 3167] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3167, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3180] <... mount resumed>) = 0 [pid 3180] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3180] chdir("./file2") = 0 [pid 3180] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3193] <... openat resumed>) = 4 [pid 3187] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3193] ioctl(4, LOOP_SET_FD, 3 [pid 3187] mkdir("./file2", 0777) = 0 [pid 3187] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./99/file2") = 0 [pid 287] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./99/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./99") = 0 [pid 287] mkdir("./100", 0777) = 0 [ 68.417506][ T3173] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 68.432965][ T3180] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3188] <... mount resumed>) = 0 [pid 3188] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3188] chdir("./file2") = 0 [pid 3188] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3180] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3193] <... ioctl resumed>) = 0 [pid 3193] close(3) = 0 [pid 3193] close(4 [ 68.498506][ T3188] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3180] ioctl(4, LOOP_CLR_FD [pid 3193] <... close resumed>) = 0 [pid 3188] <... openat resumed>) = 4 [pid 3180] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3193] mkdir("./file2", 0777 [pid 3188] ioctl(4, LOOP_CLR_FD [pid 3180] close(4 [pid 287] close(3 [pid 3193] <... mkdir resumed>) = 0 [pid 3188] <... ioctl resumed>) = 0 [pid 3180] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3193] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3188] close(4 [pid 3180] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3188] <... close resumed>) = 0 [pid 3180] <... futex resumed>) = 1 [pid 3179] <... futex resumed>) = 0 [pid 3188] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3199 [pid 3188] <... futex resumed>) = 1 [pid 3188] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3185] <... futex resumed>) = 0 [pid 3179] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3199 attached [pid 3199] set_robust_list(0x555594a056a0, 24) = 0 [pid 3199] chdir("./100") = 0 [pid 3199] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 0 [pid 3179] <... futex resumed>) = 1 [pid 3188] <... futex resumed>) = 0 [pid 3185] <... futex resumed>) = 1 [pid 3180] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3179] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3180] <... openat resumed>) = 4 [pid 3188] <... openat resumed>) = 4 [pid 3180] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = 1 [pid 3179] <... futex resumed>) = 0 [pid 3188] <... futex resumed>) = 1 [pid 3185] <... futex resumed>) = 0 [pid 3180] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3179] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3179] <... futex resumed>) = 0 [pid 3188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3185] <... futex resumed>) = 0 [pid 3180] write(4, "#! \n", 4 [pid 3179] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] write(4, "#! \n", 4 [pid 3185] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] <... write resumed>) = 4 [pid 3185] <... futex resumed>) = 0 [pid 3180] <... write resumed>) = 4 [pid 3179] <... futex resumed>) = 0 [pid 3188] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3180] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3188] <... futex resumed>) = 0 [pid 3185] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3180] <... futex resumed>) = 0 [pid 3179] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3188] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3185] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3180] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3179] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3185] <... mprotect resumed>) = 0 [pid 3179] <... mprotect resumed>) = 0 [pid 3185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3179] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3179] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3185] <... clone3 resumed> => {parent_tid=[3201]}, 88) = 3201 [pid 3185] rt_sigprocmask(SIG_SETMASK, [], [pid 3179] <... clone3 resumed> => {parent_tid=[3202]}, 88) = 3202 [pid 3185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3179] rt_sigprocmask(SIG_SETMASK, [], [pid 3185] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3185] <... futex resumed>) = 0 [pid 3179] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3185] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... futex resumed>) = 0 [pid 3179] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3199] <... prctl resumed>) = 0 [pid 3199] setpgid(0, 0) = 0 [pid 3199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3199] write(3, "1000", 4) = 4 [pid 3199] close(3) = 0 [pid 3199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3199] write(1, "executing program\n", 18executing program ) = 18 [pid 3199] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3199] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 3202 attached ./strace-static-x86_64: Process 3201 attached [pid 3199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3202] set_robust_list(0x7f0aeccae9a0, 24 [pid 3201] set_robust_list(0x7f0aeccae9a0, 24 [pid 3202] <... set_robust_list resumed>) = 0 [pid 3199] <... clone3 resumed> => {parent_tid=[3205]}, 88) = 3205 [pid 3199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3199] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3199] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3202] rt_sigprocmask(SIG_SETMASK, [], [pid 3201] <... set_robust_list resumed>) = 0 [pid 3202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3201] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3205 attached [pid 3202] write(4, "#! \n", 4 [pid 3201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3193] <... mount resumed>) = 0 [pid 3202] <... write resumed>) = 4 [pid 3201] write(4, "#! \n", 4 [pid 3202] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] <... write resumed>) = 4 [pid 3202] <... futex resumed>) = 1 [pid 3201] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] <... futex resumed>) = 0 [pid 3202] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3201] <... futex resumed>) = 1 [pid 3185] <... futex resumed>) = 0 [pid 3179] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3201] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] <... futex resumed>) = 1 [pid 3180] <... futex resumed>) = 0 [pid 3188] <... futex resumed>) = 0 [pid 3185] <... futex resumed>) = 1 [pid 3180] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3179] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3188] <... mmap resumed>) = 0x200000000000 [pid 3180] <... mmap resumed>) = 0x200000000000 [pid 3188] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3180] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3193] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3193] chdir("./file2") = 0 [pid 3193] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3193] ioctl(4, LOOP_CLR_FD) = 0 [pid 3193] close(4) = 0 [pid 3193] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] <... futex resumed>) = 1 [pid 3185] <... futex resumed>) = 0 [pid 3180] <... futex resumed>) = 1 [pid 3179] <... futex resumed>) = 0 [pid 3193] <... futex resumed>) = 1 [pid 3193] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3205] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3191] <... futex resumed>) = 0 [pid 3185] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3179] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3205] memfd_create("syzkaller", 0) = 3 [pid 3205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3205] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3205] ioctl(4, LOOP_SET_FD, 3 [pid 3187] <... mount resumed>) = 0 [pid 3187] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3187] chdir("./file2") = 0 [ 68.602274][ T3193] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 68.618162][ T3187] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 68.634701][ T3188] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3187] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3191] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3188] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3185] <... futex resumed>) = 0 [pid 3179] <... futex resumed>) = 0 [pid 3193] <... futex resumed>) = 0 [pid 3191] <... futex resumed>) = 1 [pid 3185] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3193] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3191] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3193] <... openat resumed>) = 4 [pid 3193] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3191] <... futex resumed>) = 0 [pid 3193] write(4, "#! \n", 4 [pid 3191] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3193] <... write resumed>) = 4 [pid 3191] <... futex resumed>) = 0 [pid 3193] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3191] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3193] <... futex resumed>) = 0 [pid 3191] <... futex resumed>) = 0 [pid 3193] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3191] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3208]}, 88) = 3208 [pid 3191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3191] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3191] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3201] <... futex resumed>) = ? [pid 3185] <... futex resumed>) = ? [pid 3201] +++ killed by SIGBUS +++ [pid 3188] +++ killed by SIGBUS +++ [pid 3185] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3185, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3208 attached [pid 3208] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3208] write(4, "#! \n", 4) = 4 [pid 3208] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3205] <... ioctl resumed>) = 0 [pid 3205] close(3 [pid 3191] <... futex resumed>) = 0 [pid 3191] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3193] <... futex resumed>) = 0 [pid 3191] <... futex resumed>) = 1 [pid 3193] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3191] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3193] <... mmap resumed>) = 0x200000000000 [pid 3193] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3191] <... futex resumed>) = 0 [pid 3208] <... futex resumed>) = 1 [pid 3205] <... close resumed>) = 0 [pid 3191] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3187] <... openat resumed>) = 4 [pid 3180] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3205] close(4 [pid 3187] ioctl(4, LOOP_CLR_FD) = 0 [pid 3187] close(4 [pid 3208] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3191] <... futex resumed>) = 0 [pid 3191] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3179] <... futex resumed>) = ? [pid 3202] <... futex resumed>) = ? [pid 3202] +++ killed by SIGBUS +++ [pid 3180] +++ killed by SIGBUS +++ [pid 3179] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3179, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... restart_syscall resumed>) = 0 [pid 3193] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 290] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3208] <... futex resumed>) = ? [pid 3191] <... futex resumed>) = ? [pid 3208] +++ killed by SIGBUS +++ [pid 3193] +++ killed by SIGBUS +++ [pid 3191] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3191, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3205] <... close resumed>) = 0 [pid 3187] <... close resumed>) = 0 [pid 3205] mkdir("./file2", 0777 [pid 3187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3184] <... futex resumed>) = 0 [pid 3187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3184] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3205] <... mkdir resumed>) = 0 [pid 3187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3184] <... futex resumed>) = 0 [pid 3187] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3184] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3205] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3187] <... openat resumed>) = 4 [pid 3187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3184] <... futex resumed>) = 0 [pid 3187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3184] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3184] <... futex resumed>) = 0 [pid 3187] write(4, "#! \n", 4 [pid 3184] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3187] <... write resumed>) = 4 [pid 3184] <... futex resumed>) = 0 [pid 3187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3187] <... futex resumed>) = 0 [pid 3184] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3184] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3209]}, 88) = 3209 [pid 3184] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... restart_syscall resumed>) = 0 [pid 3184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3184] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3184] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 3209 attached [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3209] set_robust_list(0x7f0aeccae9a0, 24 [pid 288] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3209] <... set_robust_list resumed>) = 0 [pid 3209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3209] write(4, "#! \n", 4) = 4 [pid 3209] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3209] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3184] <... futex resumed>) = 0 [pid 3184] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3187] <... futex resumed>) = 0 [pid 3184] <... futex resumed>) = 1 [pid 3187] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3184] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3187] <... mmap resumed>) = 0x200000000000 [pid 3187] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3184] <... futex resumed>) = 0 [pid 3187] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3184] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3184] <... futex resumed>) = 0 [ 68.640048][ T3180] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 68.665075][ T3193] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3184] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3187] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3209] <... futex resumed>) = ? [pid 3184] <... futex resumed>) = ? [pid 3209] +++ killed by SIGBUS +++ [pid 3187] +++ killed by SIGBUS +++ [pid 3184] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3184, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 68.695174][ T3187] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 291] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./94/file2", [pid 290] newfstatat(AT_FDCWD, "./97/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 288] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(4, "", [pid 290] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 289] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... close resumed>) = 0 [pid 290] close(4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./93/file2", [pid 291] rmdir("./94/file2" [pid 290] <... close resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./93/file2", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... rmdir resumed>) = 0 [pid 290] rmdir("./97/file2" [pid 289] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", [pid 290] <... rmdir resumed>) = 0 [pid 291] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(4, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 289] close(4 [pid 288] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./93/file2" [pid 289] rmdir("./93/file2" [pid 288] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./93/binderfs", [pid 289] newfstatat(AT_FDCWD, "./93/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./93/binderfs" [pid 289] unlink("./93/binderfs" [pid 288] <... unlink resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 289] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./93" [pid 289] rmdir("./93" [pid 288] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 288] mkdir("./94", 0777 [pid 289] mkdir("./94", 0777 [pid 288] <... mkdir resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./97/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./97") = 0 [pid 290] mkdir("./98", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./94/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./94") = 0 [pid 291] mkdir("./95", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3205] <... mount resumed>) = 0 [pid 3205] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3205] chdir("./file2") = 0 [pid 3205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 288] <... openat resumed>) = 3 [pid 3205] ioctl(4, LOOP_CLR_FD [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3205] <... ioctl resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3205] close(4 [pid 291] close(3 [pid 290] close(3 [pid 289] close(3 [pid 288] close(3 [pid 3205] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 3205] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3205] <... futex resumed>) = 1 [pid 3199] <... futex resumed>) = 0 [pid 3205] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3199] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3212 [pid 3199] <... futex resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3199] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3213 ./strace-static-x86_64: Process 3212 attached [pid 3212] set_robust_list(0x555594a056a0, 24) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3214 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3215 [pid 3212] chdir("./94") = 0 [pid 3212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3212] setpgid(0, 0) = 0 [pid 3212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3212] write(3, "1000", 4) = 4 [pid 3212] close(3) = 0 [pid 3212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3212] write(1, "executing program\n", 18executing program ) = 18 [pid 3212] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3212] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3216]}, 88) = 3216 [pid 3212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3212] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3213 attached [pid 3213] set_robust_list(0x555594a056a0, 24) = 0 [pid 3213] chdir("./95") = 0 [pid 3213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3213] setpgid(0, 0) = 0 [pid 3213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3205] <... openat resumed>) = 4 ./strace-static-x86_64: Process 3215 attached ./strace-static-x86_64: Process 3214 attached ./strace-static-x86_64: Process 3216 attached [pid 3205] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3216] set_robust_list(0x7f0aecccf9a0, 24 [pid 3215] set_robust_list(0x555594a056a0, 24 [pid 3214] set_robust_list(0x555594a056a0, 24 [pid 3205] <... futex resumed>) = 1 [pid 3199] <... futex resumed>) = 0 [pid 3216] <... set_robust_list resumed>) = 0 [pid 3215] <... set_robust_list resumed>) = 0 [pid 3214] <... set_robust_list resumed>) = 0 [pid 3205] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3199] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3199] <... futex resumed>) = 0 [pid 3215] chdir("./94" [pid 3205] write(4, "#! \n", 4 [pid 3199] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] chdir("./98" [pid 3205] <... write resumed>) = 4 [pid 3199] <... futex resumed>) = 0 [pid 3215] <... chdir resumed>) = 0 [pid 3205] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3216] rt_sigprocmask(SIG_SETMASK, [], [pid 3215] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3214] <... chdir resumed>) = 0 [pid 3205] <... futex resumed>) = 0 [pid 3199] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3215] <... prctl resumed>) = 0 [pid 3214] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3205] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3199] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3215] setpgid(0, 0 [pid 3214] <... prctl resumed>) = 0 [pid 3215] <... setpgid resumed>) = 0 [pid 3199] <... mprotect resumed>) = 0 [pid 3214] setpgid(0, 0 [pid 3213] write(3, "1000", 4 [pid 3199] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3213] <... write resumed>) = 4 [pid 3215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3199] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3214] <... setpgid resumed>) = 0 [pid 3199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3213] close(3) = 0 [pid 3213] symlink("/dev/binderfs", "./binderfs" [pid 3215] <... openat resumed>) = 3 [pid 3216] memfd_create("syzkaller", 0 [pid 3215] write(3, "1000", 4 [pid 3214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3213] <... symlink resumed>) = 0 [pid 3199] <... clone3 resumed> => {parent_tid=[3217]}, 88) = 3217 [pid 3216] <... memfd_create resumed>) = 3 [pid 3215] <... write resumed>) = 4 [pid 3199] rt_sigprocmask(SIG_SETMASK, [], [pid 3216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3215] close(3 [pid 3214] <... openat resumed>) = 3 [pid 3199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3216] <... mmap resumed>) = 0x7f0ae48af000 [pid 3215] <... close resumed>) = 0 [pid 3199] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] symlink("/dev/binderfs", "./binderfs" [pid 3214] write(3, "1000", 4 [pid 3199] <... futex resumed>) = 0 executing program [pid 3213] write(1, "executing program\n", 18 [pid 3199] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3215] <... symlink resumed>) = 0 [pid 3214] <... write resumed>) = 4 [pid 3213] <... write resumed>) = 18 [pid 3213] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3213] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}executing program [pid 3216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3215] write(1, "executing program\n", 18 [pid 3214] close(3 [pid 3215] <... write resumed>) = 18 [pid 3214] <... close resumed>) = 0 [pid 3215] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] symlink("/dev/binderfs", "./binderfs" [pid 3215] <... futex resumed>) = 0 executing program [pid 3215] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3214] <... symlink resumed>) = 0 [pid 3213] <... clone3 resumed> => {parent_tid=[3218]}, 88) = 3218 [pid 3215] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3214] write(1, "executing program\n", 18 [pid 3215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3214] <... write resumed>) = 18 [pid 3215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3214] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3213] rt_sigprocmask(SIG_SETMASK, [], [pid 3215] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3214] <... futex resumed>) = 0 [pid 3215] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3214] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3215] <... mprotect resumed>) = 0 [pid 3214] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3215] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3213] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3217 attached [pid 3217] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3217] write(4, "#! \n", 4) = 4 [pid 3217] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3199] <... futex resumed>) = 0 [pid 3199] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3205] <... futex resumed>) = 0 [pid 3199] <... futex resumed>) = 1 [pid 3205] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3199] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3215] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3205] <... mmap resumed>) = 0x200000000000 [pid 3215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3205] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3205] <... futex resumed>) = 1 [pid 3199] <... futex resumed>) = 0 [pid 3215] <... clone3 resumed> => {parent_tid=[3219]}, 88) = 3219 [pid 3214] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3205] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3199] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] rt_sigprocmask(SIG_SETMASK, [], [pid 3214] <... mprotect resumed>) = 0 [pid 3205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3199] <... futex resumed>) = 0 [pid 3217] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3218 attached [pid 3218] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 68.911188][ T3205] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3218] memfd_create("syzkaller", 0) = 3 [pid 3218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3218] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3218] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3218] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3219 attached [pid 3219] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3216] <... write resumed>) = 524288 [pid 3216] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3216] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3219] <... futex resumed>) = 0 [pid 3219] memfd_create("syzkaller", 0) = 3 [pid 3219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3199] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3205] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3217] <... futex resumed>) = ? [pid 3214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3199] <... futex resumed>) = ? [pid 3218] <... ioctl resumed>) = 0 [pid 3217] +++ killed by SIGBUS +++ [pid 3214] <... clone3 resumed> => {parent_tid=[3221]}, 88) = 3221 [pid 3214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3205] +++ killed by SIGBUS +++ [pid 3199] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3199, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 3221 attached [pid 3219] <... write resumed>) = 524288 [pid 3221] set_robust_list(0x7f0aecccf9a0, 24 [pid 3219] munmap(0x7f0ae48af000, 138412032 [pid 3218] close(3 [pid 3216] <... openat resumed>) = 4 [pid 287] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3219] <... munmap resumed>) = 0 [pid 3219] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3216] ioctl(4, LOOP_SET_FD, 3 [pid 3221] <... set_robust_list resumed>) = 0 [pid 3221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3221] memfd_create("syzkaller", 0) = 3 [pid 3221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3218] <... close resumed>) = 0 [pid 3218] close(4 [pid 3221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3216] <... ioctl resumed>) = 0 [pid 3219] <... openat resumed>) = 4 [pid 3219] ioctl(4, LOOP_SET_FD, 3 [pid 3216] close(3) = 0 [pid 3216] close(4 [pid 3219] <... ioctl resumed>) = 0 [pid 3219] close(3) = 0 [pid 3219] close(4 [pid 3221] <... write resumed>) = 524288 [pid 3221] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3221] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3218] <... close resumed>) = 0 [pid 3216] <... close resumed>) = 0 [pid 3218] mkdir("./file2", 0777 [pid 3216] mkdir("./file2", 0777 [pid 3218] <... mkdir resumed>) = 0 [pid 3218] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3216] <... mkdir resumed>) = 0 [ 68.969888][ T3205] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3216] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3219] <... close resumed>) = 0 [pid 3219] mkdir("./file2", 0777) = 0 [pid 3219] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./100/file2") = 0 [pid 287] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./100/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./100") = 0 [pid 287] mkdir("./101", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3221] <... openat resumed>) = 4 [pid 3221] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3221] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3221] close(3 [pid 287] close(3 [pid 3221] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3221] close(4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3221] <... close resumed>) = 0 [pid 3221] mkdir("./file2", 0777 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3228 ./strace-static-x86_64: Process 3228 attached [pid 3221] <... mkdir resumed>) = 0 [pid 3221] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3228] set_robust_list(0x555594a056a0, 24) = 0 [pid 3228] chdir("./101") = 0 [pid 3228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3228] setpgid(0, 0) = 0 [pid 3228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3228] write(3, "1000", 4) = 4 [pid 3228] close(3) = 0 [pid 3228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3228] write(1, "executing program\n", 18executing program ) = 18 [pid 3228] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3228] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3228] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3233]}, 88) = 3233 [pid 3228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3216] <... mount resumed>) = 0 [pid 3216] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3216] chdir("./file2") = 0 [pid 3216] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3216] ioctl(4, LOOP_CLR_FD) = 0 [pid 3216] close(4) = 0 [pid 3216] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3212] <... futex resumed>) = 0 [pid 3212] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] <... futex resumed>) = 1 [pid 3216] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3216] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3212] <... futex resumed>) = 0 [pid 3212] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3212] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3234]}, 88) = 3234 [pid 3212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3212] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3212] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] <... futex resumed>) = 1 [pid 3216] write(4, "#! \n", 4) = 4 [pid 3216] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3216] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3233 attached [pid 3233] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3233] memfd_create("syzkaller", 0) = 3 [pid 3233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3233] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3233] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3234 attached [pid 3234] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3234] write(4, "#! \n", 4) = 4 [pid 3234] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3212] <... futex resumed>) = 0 [pid 3212] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3216] <... futex resumed>) = 0 [pid 3212] <... futex resumed>) = 1 [pid 3216] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3212] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3216] <... mmap resumed>) = 0x200000000000 [pid 3216] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3212] <... futex resumed>) = 0 [pid 3234] <... futex resumed>) = 1 [pid 3219] <... mount resumed>) = 0 [pid 3218] <... mount resumed>) = 0 [pid 3212] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3219] chdir("./file2") = 0 [pid 3219] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3218] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3234] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3218] <... openat resumed>) = 3 [pid 3218] chdir("./file2") = 0 [ 69.218581][ T3216] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.218797][ T3218] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.253529][ T3219] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3218] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3233] <... ioctl resumed>) = 0 [pid 3216] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3212] <... futex resumed>) = 0 [pid 3233] close(3 [pid 3212] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3233] <... close resumed>) = 0 [pid 3233] close(4 [pid 3212] <... futex resumed>) = ? [pid 3234] <... futex resumed>) = ? [pid 3234] +++ killed by SIGBUS +++ [pid 3216] +++ killed by SIGBUS +++ [pid 3212] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3212, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3219] <... openat resumed>) = 4 [pid 3219] ioctl(4, LOOP_CLR_FD) = 0 [pid 3219] close(4) = 0 [pid 3219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] <... futex resumed>) = 0 [pid 3219] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3233] <... close resumed>) = 0 [pid 3221] <... mount resumed>) = 0 [pid 3219] <... openat resumed>) = 4 [pid 3218] <... openat resumed>) = 4 [pid 288] <... restart_syscall resumed>) = 0 [pid 3219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] <... futex resumed>) = 0 [pid 3219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3215] <... futex resumed>) = 0 [pid 3219] write(4, "#! \n", 4 [pid 3215] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... write resumed>) = 4 [pid 3215] <... futex resumed>) = 0 [pid 3219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3219] <... futex resumed>) = 0 [pid 3215] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3215] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3238]}, 88) = 3238 [pid 3215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3215] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3215] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3221] chdir("./file2") = 0 [pid 3221] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3221] ioctl(4, LOOP_CLR_FD) = 0 [pid 3221] close(4) = 0 [pid 3221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... futex resumed>) = 0 [pid 3214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] <... futex resumed>) = 1 [pid 3221] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3233] mkdir("./file2", 0777 [pid 3221] <... openat resumed>) = 4 [pid 3221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... futex resumed>) = 0 [pid 3214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3214] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3233] <... mkdir resumed>) = 0 [pid 3214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3233] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3239]}, 88) = 3239 [pid 3214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3214] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3214] <... futex resumed>) = 0 [pid 3214] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3221] <... futex resumed>) = 1 [pid 3221] write(4, "#! \n", 4 [pid 288] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3218] ioctl(4, LOOP_CLR_FD [pid 3221] <... write resumed>) = 4 [pid 3218] <... ioctl resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 3221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] newfstatat(3, "", [pid 3218] close(4 [pid 3221] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3218] <... close resumed>) = 0 [pid 3221] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 288] getdents64(3, [pid 3218] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3239 attached [pid 3239] set_robust_list(0x7f0aeccae9a0, 24 [pid 3218] <... futex resumed>) = 1 [pid 3213] <... futex resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3218] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3213] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3239] <... set_robust_list resumed>) = 0 [pid 3239] rt_sigprocmask(SIG_SETMASK, [], [pid 3213] <... futex resumed>) = 0 [pid 3213] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3218] <... openat resumed>) = 4 [pid 3218] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3218] write(4, "#! \n", 4 [pid 3213] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3218] <... write resumed>) = 4 [pid 3213] <... futex resumed>) = 0 [pid 3218] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3213] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3218] <... futex resumed>) = 0 [pid 3213] <... futex resumed>) = 0 [pid 3218] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3213] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3240]}, 88) = 3240 [pid 3213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3213] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3213] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3239] write(4, "#! \n", 4) = 4 [pid 3239] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... futex resumed>) = 0 [pid 3214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] <... futex resumed>) = 0 [pid 3221] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3221] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3214] <... futex resumed>) = 0 [pid 3214] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3214] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3221] <... futex resumed>) = 1 [ 69.255496][ T3216] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.271568][ T3221] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3239] <... futex resumed>) = 1 [pid 3239] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3238 attached [pid 3238] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3238] write(4, "#! \n", 4) = 4 [pid 3238] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3215] <... futex resumed>) = 0 [pid 3215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... futex resumed>) = 0 [pid 3215] <... futex resumed>) = 1 [pid 3219] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3219] <... mmap resumed>) = 0x200000000000 [pid 3219] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3215] <... futex resumed>) = 0 [pid 3219] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3215] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3215] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3240 attached [pid 3238] <... futex resumed>) = 1 [pid 3233] <... mount resumed>) = 0 [pid 3221] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3215] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3240] set_robust_list(0x7f0aeccae9a0, 24 [pid 3233] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3219] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3215] <... futex resumed>) = ? [pid 3238] +++ killed by SIGBUS +++ [pid 3240] <... set_robust_list resumed>) = 0 [pid 3233] <... openat resumed>) = 3 [pid 3240] rt_sigprocmask(SIG_SETMASK, [], [pid 3239] <... futex resumed>) = ? [pid 3233] chdir("./file2" [pid 3214] <... futex resumed>) = ? [pid 3240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3219] +++ killed by SIGBUS +++ [pid 3215] +++ killed by SIGBUS +++ [pid 3233] <... chdir resumed>) = 0 [pid 3239] +++ killed by SIGBUS +++ [pid 3240] write(4, "#! \n", 4 [pid 3233] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3215, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 3240] <... write resumed>) = 4 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3240] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3213] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3218] <... futex resumed>) = 0 [pid 3213] <... futex resumed>) = 1 [pid 3218] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3213] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3218] <... mmap resumed>) = 0x200000000000 [pid 3218] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3213] <... futex resumed>) = 0 [pid 3218] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3213] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3213] <... futex resumed>) = 0 [pid 3240] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3221] +++ killed by SIGBUS +++ [pid 3214] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3214, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3213] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 289] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... openat resumed>) = 3 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(3, "", [pid 290] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] getdents64(3, [pid 290] newfstatat(3, "", [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3218] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3240] <... futex resumed>) = ? [pid 3213] <... futex resumed>) = ? [pid 3240] +++ killed by SIGBUS +++ [pid 3218] +++ killed by SIGBUS +++ [pid 3213] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3213, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3233] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 3233] ioctl(4, LOOP_CLR_FD [pid 288] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./94/file2") = 0 [pid 288] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./94/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./94") = 0 [pid 288] mkdir("./95", 0777) = 0 [ 69.305868][ T3221] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.318754][ T3233] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.328601][ T3219] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.352985][ T3218] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3233] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 3233] close(4 [pid 290] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3233] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3233] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./98/file2", [pid 3233] <... futex resumed>) = 1 [pid 3228] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3233] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3228] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3233] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3233] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 3233] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 3233] <... futex resumed>) = 1 [pid 3228] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3233] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 3233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3228] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3233] write(4, "#! \n", 4 [pid 3228] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] getdents64(4, [pid 3233] <... write resumed>) = 4 [pid 3228] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3233] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] close(4 [pid 3233] <... futex resumed>) = 0 [pid 3228] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... close resumed>) = 0 [pid 3233] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3228] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] rmdir("./98/file2" [pid 3228] <... mprotect resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3228] <... clone3 resumed> => {parent_tid=[3243]}, 88) = 3243 [pid 290] unlink("./98/binderfs" [pid 3228] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... unlink resumed>) = 0 [pid 3228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] getdents64(3, [pid 3228] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3228] <... futex resumed>) = 0 [pid 290] close(3 [pid 3228] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./98") = 0 [pid 290] mkdir("./99", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3244 ./strace-static-x86_64: Process 3244 attached [pid 3244] set_robust_list(0x555594a056a0, 24) = 0 [pid 3244] chdir("./99"./strace-static-x86_64: Process 3243 attached ) = 0 [pid 3243] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3243] rt_sigprocmask(SIG_SETMASK, [], [pid 3244] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3244] <... prctl resumed>) = 0 [pid 3244] setpgid(0, 0 [pid 3243] write(4, "#! \n", 4 [pid 291] <... umount2 resumed>) = 0 [pid 3243] <... write resumed>) = 4 [pid 3244] <... setpgid resumed>) = 0 [pid 3244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3243] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3228] <... futex resumed>) = 0 [pid 3228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3233] <... futex resumed>) = 0 [pid 3228] <... futex resumed>) = 1 [pid 3233] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3233] <... mmap resumed>) = 0x200000000000 [pid 3233] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3228] <... futex resumed>) = 0 [pid 3233] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3228] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3228] <... futex resumed>) = 0 [pid 3244] <... openat resumed>) = 3 [pid 3243] <... futex resumed>) = 1 [pid 291] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] newfstatat(AT_FDCWD, "./95/file2", [pid 289] newfstatat(AT_FDCWD, "./94/file2", [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] close(3 [pid 291] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3245 [pid 291] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 289] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 289] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 289] close(4 [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 291] rmdir("./95/file2" [pid 289] rmdir("./94/file2" [pid 291] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 291] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3228] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] newfstatat(AT_FDCWD, "./95/binderfs", [pid 289] newfstatat(AT_FDCWD, "./94/binderfs", [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./95/binderfs" [pid 289] unlink("./94/binderfs"./strace-static-x86_64: Process 3245 attached [pid 3233] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 291] <... unlink resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 3245] set_robust_list(0x555594a056a0, 24 [pid 291] getdents64(3, [pid 3228] <... futex resumed>) = ? [pid 289] getdents64(3, [pid 3245] <... set_robust_list resumed>) = 0 [pid 3244] write(3, "1000", 4 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3245] chdir("./95" [pid 3244] <... write resumed>) = 4 [pid 3243] +++ killed by SIGBUS +++ [pid 291] close(3 [pid 289] close(3 [pid 3245] <... chdir resumed>) = 0 [pid 3244] close(3 [pid 291] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3245] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3244] <... close resumed>) = 0 [pid 291] rmdir("./95" [pid 289] rmdir("./94" [pid 3245] <... prctl resumed>) = 0 [pid 3244] symlink("/dev/binderfs", "./binderfs" [pid 3233] +++ killed by SIGBUS +++ [pid 3228] +++ killed by SIGBUS +++ [pid 291] <... rmdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 3245] setpgid(0, 0 [pid 3244] <... symlink resumed>) = 0 [pid 291] mkdir("./96", 0777 [pid 3245] <... setpgid resumed>) = 0 [pid 289] mkdir("./95", 0777 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3228, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 291] <... mkdir resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3245] write(3, "1000", 4executing program [pid 3244] write(1, "executing program\n", 18 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... mkdir resumed>) = 0 [pid 3245] <... write resumed>) = 4 [pid 3245] close(3 [pid 291] <... openat resumed>) = 3 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3245] <... close resumed>) = 0 [pid 3244] <... write resumed>) = 18 [pid 291] ioctl(3, LOOP_CLR_FD [pid 3245] symlink("/dev/binderfs", "./binderfs" [pid 289] <... openat resumed>) = 3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3245] <... symlink resumed>) = 0 [pid 3244] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3executing program [pid 289] ioctl(3, LOOP_CLR_FD [pid 3245] write(1, "executing program\n", 18 [pid 3244] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3245] <... write resumed>) = 18 [pid 3244] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] close(3 [pid 3245] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3244] <... rt_sigaction resumed>NULL, 8) = 0 [pid 289] <... close resumed>) = 0 [pid 3245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3246 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 3245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3245] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3247 [pid 3245] <... mprotect resumed>) = 0 [pid 3244] <... mmap resumed>) = 0x7f0aeccaf000 [pid 287] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3244] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 287] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3245] <... clone3 resumed> => {parent_tid=[3248]}, 88) = 3248 [pid 3244] <... mprotect resumed>) = 0 [pid 3245] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... openat resumed>) = 3 [pid 3245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3244] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] newfstatat(3, "", [pid 3245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3245] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3244] <... clone3 resumed> => {parent_tid=[3249]}, 88) = 3249 [pid 287] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 3247 attached ./strace-static-x86_64: Process 3246 attached ./strace-static-x86_64: Process 3248 attached [pid 3248] set_robust_list(0x7f0aecccf9a0, 24 [pid 3246] set_robust_list(0x555594a056a0, 24 [pid 3244] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] set_robust_list(0x555594a056a0, 24 [pid 3244] <... futex resumed>) = 0 [pid 3246] <... set_robust_list resumed>) = 0 [pid 3247] <... set_robust_list resumed>) = 0 [pid 3244] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3247] chdir("./95" [pid 3246] chdir("./96" [pid 3248] <... set_robust_list resumed>) = 0 [pid 3248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 3249 attached [pid 3248] memfd_create("syzkaller", 0 [pid 3247] <... chdir resumed>) = 0 [pid 3246] <... chdir resumed>) = 0 [pid 3247] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3246] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3247] <... prctl resumed>) = 0 [pid 3246] <... prctl resumed>) = 0 [pid 3247] setpgid(0, 0 [pid 3246] setpgid(0, 0 [pid 3247] <... setpgid resumed>) = 0 [pid 3246] <... setpgid resumed>) = 0 [pid 3249] set_robust_list(0x7f0aecccf9a0, 24 [pid 3248] <... memfd_create resumed>) = 3 [pid 3247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3249] <... set_robust_list resumed>) = 0 [pid 3249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3247] <... openat resumed>) = 3 [pid 3246] <... openat resumed>) = 3 [pid 3247] write(3, "1000", 4 [pid 3246] write(3, "1000", 4 [pid 3247] <... write resumed>) = 4 [pid 3246] <... write resumed>) = 4 [pid 3247] close(3 [pid 3246] close(3 [pid 3247] <... close resumed>) = 0 [pid 3246] <... close resumed>) = 0 executing program executing program [pid 3247] symlink("/dev/binderfs", "./binderfs" [pid 3246] symlink("/dev/binderfs", "./binderfs" [pid 3247] <... symlink resumed>) = 0 [pid 3246] <... symlink resumed>) = 0 [pid 3247] write(1, "executing program\n", 18 [pid 3246] write(1, "executing program\n", 18 [pid 3247] <... write resumed>) = 18 [pid 3246] <... write resumed>) = 18 [pid 3247] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] <... futex resumed>) = 0 [pid 3246] <... futex resumed>) = 0 [pid 3247] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3246] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3247] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3246] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3249] memfd_create("syzkaller", 0 [pid 3247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3247] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3246] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3247] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3246] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3247] <... mprotect resumed>) = 0 [pid 3246] <... mprotect resumed>) = 0 [pid 3247] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3247] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3247] <... clone3 resumed> => {parent_tid=[3250]}, 88) = 3250 [pid 3247] rt_sigprocmask(SIG_SETMASK, [], [pid 3246] <... clone3 resumed> => {parent_tid=[3251]}, 88) = 3251 [pid 3248] <... write resumed>) = 524288 [pid 3247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3246] rt_sigprocmask(SIG_SETMASK, [], [pid 3247] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3247] <... futex resumed>) = 0 [pid 3246] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3246] <... futex resumed>) = 0 [pid 3246] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3250 attached [pid 3250] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3250] memfd_create("syzkaller", 0 [pid 3249] <... memfd_create resumed>) = 3 [pid 3250] <... memfd_create resumed>) = 3 [pid 3250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 3251 attached [pid 3248] munmap(0x7f0ae48af000, 138412032 [pid 3249] <... mmap resumed>) = 0x7f0ae48af000 [pid 3248] <... munmap resumed>) = 0 [pid 3250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3248] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3250] <... write resumed>) = 524288 [pid 3250] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3250] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3251] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3251] memfd_create("syzkaller", 0) = 3 [pid 3251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3249] <... write resumed>) = 524288 [pid 3249] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3249] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3251] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3251] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3250] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [ 69.529586][ T3233] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3250] ioctl(4, LOOP_SET_FD, 3 [pid 3249] <... openat resumed>) = 4 [pid 3248] <... openat resumed>) = 4 [pid 287] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3250] <... ioctl resumed>) = 0 [pid 3248] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3251] <... openat resumed>) = 4 [pid 3251] ioctl(4, LOOP_SET_FD, 3 [pid 3249] ioctl(4, LOOP_SET_FD, 3 [pid 3250] close(3) = 0 [pid 3250] close(4 [pid 287] newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./101/file2") = 0 [pid 287] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./101/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./101" [pid 3251] <... ioctl resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./102", 0777 [pid 3251] close(3 [pid 287] <... mkdir resumed>) = 0 [pid 3251] <... close resumed>) = 0 [pid 3250] <... close resumed>) = 0 [pid 3249] <... ioctl resumed>) = 0 [pid 3251] close(4 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3250] mkdir("./file2", 0777 [pid 3249] close(3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3250] <... mkdir resumed>) = 0 [pid 3250] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3249] <... close resumed>) = 0 [pid 3249] close(4 [pid 3248] <... ioctl resumed>) = 0 [pid 3248] close(3) = 0 [pid 3248] close(4) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3248] mkdir("./file2", 0777 [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3256 [pid 3248] <... mkdir resumed>) = 0 [pid 3249] <... close resumed>) = 0 [pid 3249] mkdir("./file2", 0777) = 0 [pid 3249] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3248] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"./strace-static-x86_64: Process 3256 attached [pid 3256] set_robust_list(0x555594a056a0, 24) = 0 [pid 3256] chdir("./102") = 0 [pid 3256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3251] <... close resumed>) = 0 [pid 3251] mkdir("./file2", 0777) = 0 [pid 3251] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3256] setpgid(0, 0) = 0 [pid 3256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3256] write(3, "1000", 4) = 4 [pid 3256] close(3) = 0 [pid 3256] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3256] write(1, "executing program\n", 18) = 18 [pid 3256] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3256] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3256] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3262]}, 88) = 3262 [pid 3256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3256] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3256] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3262 attached [pid 3262] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3262] memfd_create("syzkaller", 0) = 3 [pid 3262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3262] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3262] ioctl(4, LOOP_SET_FD, 3 [pid 3249] <... mount resumed>) = 0 [pid 3249] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3249] chdir("./file2") = 0 [pid 3249] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3262] <... ioctl resumed>) = 0 [pid 3249] <... openat resumed>) = 4 [pid 3249] ioctl(4, LOOP_CLR_FD) = 0 [pid 3262] close(3 [pid 3249] close(4 [pid 3262] <... close resumed>) = 0 [pid 3249] <... close resumed>) = 0 [pid 3262] close(4 [pid 3249] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] <... close resumed>) = 0 [pid 3249] <... futex resumed>) = 1 [pid 3244] <... futex resumed>) = 0 [pid 3262] mkdir("./file2", 0777 [pid 3249] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3244] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] <... mkdir resumed>) = 0 [pid 3249] <... openat resumed>) = 4 [pid 3244] <... futex resumed>) = 0 [pid 3262] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3249] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3249] <... futex resumed>) = 0 [pid 3244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3249] write(4, "#! \n", 4 [pid 3244] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] <... write resumed>) = 4 [pid 3244] <... futex resumed>) = 0 [pid 3249] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] <... futex resumed>) = 0 [pid 3244] <... futex resumed>) = 0 [pid 3249] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3244] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3267]}, 88) = 3267 [pid 3244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3244] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3244] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3250] <... mount resumed>) = 0 [pid 3250] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3250] chdir("./file2") = 0 [pid 3250] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3250] ioctl(4, LOOP_CLR_FD) = 0 [ 69.648681][ T3249] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.655569][ T3250] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.677939][ T3251] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [pid 3250] close(4) = 0 [pid 3250] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] <... futex resumed>) = 0 [pid 3247] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3247] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3250] <... futex resumed>) = 1 [pid 3250] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3250] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3247] <... futex resumed>) = 0 [pid 3250] write(4, "#! \n", 4 [pid 3247] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3250] <... write resumed>) = 4 [pid 3247] <... futex resumed>) = 0 [pid 3250] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3250] <... futex resumed>) = 0 [pid 3247] <... futex resumed>) = 0 [pid 3250] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3247] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3269]}, 88) = 3269 [pid 3247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3247] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3247] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3267 attached ./strace-static-x86_64: Process 3269 attached [pid 3269] set_robust_list(0x7f0aeccae9a0, 24 [pid 3267] set_robust_list(0x7f0aeccae9a0, 24 [pid 3251] <... mount resumed>) = 0 [pid 3248] <... mount resumed>) = 0 [pid 3269] <... set_robust_list resumed>) = 0 [pid 3267] <... set_robust_list resumed>) = 0 [pid 3269] rt_sigprocmask(SIG_SETMASK, [], [pid 3267] rt_sigprocmask(SIG_SETMASK, [], [pid 3269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3269] write(4, "#! \n", 4) = 4 [pid 3267] write(4, "#! \n", 4 [pid 3251] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3248] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3269] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3267] <... write resumed>) = 4 [pid 3251] <... openat resumed>) = 3 [pid 3248] <... openat resumed>) = 3 [pid 3269] <... futex resumed>) = 1 [pid 3267] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] <... futex resumed>) = 0 [pid 3269] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3267] <... futex resumed>) = 1 [pid 3267] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3262] <... mount resumed>) = 0 [pid 3247] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] <... futex resumed>) = 0 [pid 3251] chdir("./file2" [pid 3248] chdir("./file2" [pid 3244] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3247] <... futex resumed>) = 1 [pid 3250] <... futex resumed>) = 0 [pid 3262] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3250] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3249] <... futex resumed>) = 0 [pid 3247] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3244] <... futex resumed>) = 1 [pid 3251] <... chdir resumed>) = 0 [pid 3249] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3248] <... chdir resumed>) = 0 [pid 3262] <... openat resumed>) = 3 [pid 3251] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3250] <... mmap resumed>) = 0x200000000000 [pid 3249] <... mmap resumed>) = 0x200000000000 [pid 3248] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3244] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3262] chdir("./file2" [pid 3250] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3249] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3262] <... chdir resumed>) = 0 [pid 3250] <... futex resumed>) = 1 [pid 3249] <... futex resumed>) = 0 [pid 3247] <... futex resumed>) = 0 [pid 3244] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3251] <... openat resumed>) = 4 [pid 3250] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3248] <... openat resumed>) = 4 [pid 3251] ioctl(4, LOOP_CLR_FD) = 0 [pid 3251] close(4) = 0 [pid 3251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3251] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3248] ioctl(4, LOOP_CLR_FD) = 0 [pid 3248] close(4) = 0 [pid 3248] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3245] <... futex resumed>) = 0 [pid 3245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3247] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3246] <... futex resumed>) = 0 [pid 3244] <... futex resumed>) = 0 [pid 3262] <... openat resumed>) = 4 [pid 3250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3248] <... futex resumed>) = 1 [pid 3247] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3246] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3244] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3262] ioctl(4, LOOP_CLR_FD [pid 3249] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3248] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3248] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [pid 3248] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3245] <... futex resumed>) = 0 [pid 3248] write(4, "#! \n", 4 [pid 3245] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... write resumed>) = 4 [pid 3245] <... futex resumed>) = 0 [pid 3248] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3248] <... futex resumed>) = 0 [pid 3245] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3248] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3271]}, 88) = 3271 [pid 3245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3245] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3245] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3251] <... futex resumed>) = 0 [pid 3246] <... futex resumed>) = 1 [pid 3251] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3246] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3251] <... openat resumed>) = 4 [pid 3251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3246] <... futex resumed>) = 0 [pid 3251] write(4, "#! \n", 4 [pid 3246] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3251] <... write resumed>) = 4 [pid 3246] <... futex resumed>) = 0 [pid 3251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3246] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3251] <... futex resumed>) = 0 [pid 3246] <... futex resumed>) = 0 [pid 3251] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3246] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3272]}, 88) = 3272 [pid 3246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3246] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3246] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3262] <... ioctl resumed>) = 0 [pid 3262] close(4) = 0 [pid 3262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3256] <... futex resumed>) = 0 [pid 3262] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3256] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3267] <... futex resumed>) = ? [pid 3244] <... futex resumed>) = ? [pid 3267] +++ killed by SIGBUS +++ [pid 3249] +++ killed by SIGBUS +++ [pid 3244] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3244, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3271 attached [pid 3271] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3271] write(4, "#! \n", 4) = 4 [pid 3271] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3245] <... futex resumed>) = 0 [pid 3245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... futex resumed>) = 0 [pid 3245] <... futex resumed>) = 1 [pid 3248] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3248] <... mmap resumed>) = 0x200000000000 [pid 3248] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3245] <... futex resumed>) = 0 [ 69.692918][ T3248] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue [ 69.716249][ T3249] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.731685][ T3250] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3248] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3245] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3245] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3272 attached [pid 3271] <... futex resumed>) = 1 [pid 3262] <... openat resumed>) = 4 [pid 3250] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3272] set_robust_list(0x7f0aeccae9a0, 24 [pid 3262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3272] <... set_robust_list resumed>) = 0 [pid 3262] <... futex resumed>) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3272] rt_sigprocmask(SIG_SETMASK, [], [pid 3262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3256] <... futex resumed>) = 0 [pid 3272] write(4, "#! \n", 4 [pid 3262] write(4, "#! \n", 4 [pid 3256] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3272] <... write resumed>) = 4 [pid 3262] <... write resumed>) = 4 [pid 3256] <... futex resumed>) = 0 [pid 3272] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3272] <... futex resumed>) = 1 [pid 3262] <... futex resumed>) = 0 [pid 3256] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3246] <... futex resumed>) = 0 [pid 3272] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3246] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3256] <... mprotect resumed>) = 0 [pid 3251] <... futex resumed>) = 0 [pid 3246] <... futex resumed>) = 1 [pid 3256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3251] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3246] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3251] <... mmap resumed>) = 0x200000000000 [pid 3256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3251] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3246] <... futex resumed>) = 0 [pid 3245] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... restart_syscall resumed>) = 0 [pid 3256] <... clone3 resumed> => {parent_tid=[3273]}, 88) = 3273 [pid 3251] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3273 attached [pid 3271] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3269] <... futex resumed>) = ? [pid 3256] rt_sigprocmask(SIG_SETMASK, [], [pid 3251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3248] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3247] <... futex resumed>) = ? [pid 3246] <... futex resumed>) = 0 [pid 3273] set_robust_list(0x7f0aeccae9a0, 24 [pid 3271] <... futex resumed>) = ? [pid 3269] +++ killed by SIGBUS +++ [pid 3256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3245] <... futex resumed>) = ? [pid 3271] +++ killed by SIGBUS +++ [pid 3250] +++ killed by SIGBUS +++ [pid 3247] +++ killed by SIGBUS +++ [pid 290] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3248] +++ killed by SIGBUS +++ [pid 3245] +++ killed by SIGBUS +++ [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3247, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3245, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] <... openat resumed>) = 3 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3273] <... set_robust_list resumed>) = 0 [pid 3273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3273] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3246] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3256] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3273] <... futex resumed>) = 0 [pid 3256] <... futex resumed>) = 1 [pid 3273] write(4, "#! \n", 4 [pid 3256] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3273] <... write resumed>) = 4 [pid 3273] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3273] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3262] <... futex resumed>) = 0 [pid 3262] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3262] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3256] <... futex resumed>) = 0 [pid 3262] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3256] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3256] <... futex resumed>) = 0 [pid 3251] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3272] <... futex resumed>) = ? [pid 3246] <... futex resumed>) = ? [pid 3272] +++ killed by SIGBUS +++ [pid 3251] +++ killed by SIGBUS +++ [pid 3246] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3246, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3256] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3262] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3273] <... futex resumed>) = ? [pid 3256] <... futex resumed>) = ? [pid 3273] +++ killed by SIGBUS +++ [pid 3262] +++ killed by SIGBUS +++ [pid 3256] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3256, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./99/file2") = 0 [pid 290] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./99/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./99") = 0 [pid 290] mkdir("./100", 0777) = 0 [ 69.745396][ T3248] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.762400][ T3251] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 69.768216][ T3262] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./95/file2") = 0 [pid 289] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./95/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./95") = 0 [pid 289] mkdir("./96", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 291] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... close resumed>) = 0 [pid 288] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./96/file2", [pid 290] close(3 [pid 288] newfstatat(AT_FDCWD, "./95/file2", [pid 287] newfstatat(AT_FDCWD, "./102/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... close resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3274 [pid 288] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 288] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 288] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 288] close(4 [pid 287] close(4 [pid 291] <... close resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3275 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] rmdir("./96/file2" [pid 288] rmdir("./95/file2" [pid 287] rmdir("./102/file2" [pid 291] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 291] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3275 attached ./strace-static-x86_64: Process 3274 attached [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./96/binderfs", [pid 288] newfstatat(AT_FDCWD, "./95/binderfs", [pid 287] newfstatat(AT_FDCWD, "./102/binderfs", [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./96/binderfs" [pid 288] unlink("./95/binderfs" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3275] set_robust_list(0x555594a056a0, 24 [pid 3274] set_robust_list(0x555594a056a0, 24 [pid 3275] <... set_robust_list resumed>) = 0 [pid 3274] <... set_robust_list resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 3275] chdir("./96" [pid 3274] chdir("./100" [pid 291] getdents64(3, [pid 288] <... unlink resumed>) = 0 [pid 287] unlink("./102/binderfs" [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] getdents64(3, [pid 3275] <... chdir resumed>) = 0 [pid 3274] <... chdir resumed>) = 0 [pid 3275] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... unlink resumed>) = 0 [pid 3275] <... prctl resumed>) = 0 [pid 3274] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] close(3 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, [pid 3275] setpgid(0, 0) = 0 [pid 3274] <... prctl resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 288] close(3 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3274] setpgid(0, 0 [pid 291] rmdir("./96" [pid 288] <... close resumed>) = 0 [pid 287] close(3 [pid 3275] write(3, "1000", 4) = 4 [pid 3274] <... setpgid resumed>) = 0 [pid 3275] close(3) = 0 [pid 3274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3275] symlink("/dev/binderfs", "./binderfs"executing program [pid 291] <... rmdir resumed>) = 0 [pid 288] rmdir("./95" [pid 287] <... close resumed>) = 0 [pid 3275] <... symlink resumed>) = 0 [pid 3274] <... openat resumed>) = 3 [pid 291] mkdir("./97", 0777 [pid 3275] write(1, "executing program\n", 18) = 18 [pid 3274] write(3, "1000", 4 [pid 3275] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... rmdir resumed>) = 0 [pid 287] rmdir("./102" [pid 3275] <... futex resumed>) = 0 [pid 3274] <... write resumed>) = 4 [pid 3275] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3274] close(3 [pid 3275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3274] <... close resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 3275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3274] symlink("/dev/binderfs", "./binderfs" [pid 3275] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITEexecuting program ) = 0 [pid 3274] <... symlink resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] mkdir("./96", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 3275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... openat resumed>) = 3 [pid 3275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3274] write(1, "executing program\n", 18 [pid 3275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3274] <... write resumed>) = 18 [pid 3274] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] <... mkdir resumed>) = 0 [pid 287] mkdir("./103", 0777./strace-static-x86_64: Process 3276 attached [pid 3275] <... clone3 resumed> => {parent_tid=[3276]}, 88) = 3276 [pid 3274] <... futex resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3275] rt_sigprocmask(SIG_SETMASK, [], [pid 3274] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3274] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3275] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3275] <... futex resumed>) = 0 [pid 3274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... mkdir resumed>) = 0 [pid 291] close(3 [pid 3275] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3276] set_robust_list(0x7f0aecccf9a0, 24 [pid 291] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... openat resumed>) = 3 [pid 3276] <... set_robust_list resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] close(3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3276] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3277 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] close(3 [pid 3276] memfd_create("syzkaller", 0 [pid 3274] <... mmap resumed>) = 0x7f0aeccaf000 [pid 287] <... close resumed>) = 0 [pid 3276] <... memfd_create resumed>) = 3 [pid 3274] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3278 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3274] <... mprotect resumed>) = 0 [pid 3276] <... mmap resumed>) = 0x7f0ae48af000 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3279 [pid 3276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3276] <... write resumed>) = 524288 ./strace-static-x86_64: Process 3280 attached ./strace-static-x86_64: Process 3278 attached [pid 3274] <... clone3 resumed> => {parent_tid=[3280]}, 88) = 3280 ./strace-static-x86_64: Process 3277 attached [pid 3280] set_robust_list(0x7f0aecccf9a0, 24 [pid 3278] set_robust_list(0x555594a056a0, 24 [pid 3274] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3279 attached [pid 3280] <... set_robust_list resumed>) = 0 [pid 3278] <... set_robust_list resumed>) = 0 [pid 3274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3276] munmap(0x7f0ae48af000, 138412032 [pid 3274] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3280] rt_sigprocmask(SIG_SETMASK, [], [pid 3278] chdir("./96" [pid 3276] <... munmap resumed>) = 0 [pid 3274] <... futex resumed>) = 0 [pid 3276] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3274] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3278] <... chdir resumed>) = 0 [pid 3276] <... openat resumed>) = 4 [pid 3276] ioctl(4, LOOP_SET_FD, 3 [pid 3277] set_robust_list(0x555594a056a0, 24) = 0 [pid 3278] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3280] memfd_create("syzkaller", 0 [pid 3278] <... prctl resumed>) = 0 [pid 3277] chdir("./97") = 0 [pid 3280] <... memfd_create resumed>) = 3 [pid 3279] set_robust_list(0x555594a056a0, 24 [pid 3278] setpgid(0, 0 [pid 3277] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3278] <... setpgid resumed>) = 0 [pid 3280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3279] <... set_robust_list resumed>) = 0 [pid 3277] <... prctl resumed>) = 0 [pid 3277] setpgid(0, 0) = 0 [pid 3278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3280] <... mmap resumed>) = 0x7f0ae48af000 [pid 3278] <... openat resumed>) = 3 executing program [pid 3277] <... openat resumed>) = 3 [pid 3278] write(3, "1000", 4 [pid 3277] write(3, "1000", 4) = 4 [pid 3277] close(3) = 0 [pid 3277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3277] write(1, "executing program\n", 18) = 18 [pid 3277] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3278] <... write resumed>) = 4 [pid 3278] close(3) = 0 [pid 3277] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3278] symlink("/dev/binderfs", "./binderfs" [pid 3277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3282]}, 88) = 3282 [pid 3277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3277] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3278] <... symlink resumed>) = 0 [pid 3276] <... ioctl resumed>) = 0 [pid 3276] close(3) = 0 [pid 3276] close(4./strace-static-x86_64: Process 3282 attached [pid 3282] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3282] memfd_create("syzkaller", 0 [pid 3278] write(1, "executing program\n", 18 [pid 3282] <... memfd_create resumed>) = 3 executing program [pid 3282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3278] <... write resumed>) = 18 [pid 3278] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3278] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3280] <... write resumed>) = 524288 [pid 3278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3278] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3279] chdir("./103"./strace-static-x86_64: Process 3283 attached [pid 3280] munmap(0x7f0ae48af000, 138412032 [pid 3279] <... chdir resumed>) = 0 [pid 3278] <... clone3 resumed> => {parent_tid=[3283]}, 88) = 3283 [pid 3278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3279] setpgid(0, 0) = 0 [pid 3279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3279] write(3, "1000", 4) = 4 [pid 3279] close(3) = 0 [pid 3279] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3279] write(1, "executing program\n", 18) = 18 [pid 3279] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3279] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3280] <... munmap resumed>) = 0 [pid 3279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3280] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3279] <... clone3 resumed> => {parent_tid=[3284]}, 88) = 3284 [pid 3279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3283] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3283] memfd_create("syzkaller", 0) = 3 [pid 3283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3282] <... write resumed>) = 524288 ./strace-static-x86_64: Process 3284 attached [pid 3282] munmap(0x7f0ae48af000, 138412032 [pid 3284] set_robust_list(0x7f0aecccf9a0, 24 [pid 3283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3284] <... set_robust_list resumed>) = 0 [pid 3282] <... munmap resumed>) = 0 [pid 3282] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3284] memfd_create("syzkaller", 0) = 3 [pid 3284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3283] <... write resumed>) = 524288 [pid 3283] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3283] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3284] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3284] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3282] <... openat resumed>) = 4 [pid 3280] <... openat resumed>) = 4 [pid 3276] <... close resumed>) = 0 [pid 3282] ioctl(4, LOOP_SET_FD, 3 [pid 3280] ioctl(4, LOOP_SET_FD, 3 [pid 3276] mkdir("./file2", 0777) = 0 [pid 3276] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3283] <... openat resumed>) = 4 [pid 3280] <... ioctl resumed>) = 0 [pid 3283] ioctl(4, LOOP_SET_FD, 3 [pid 3280] close(3) = 0 [pid 3280] close(4 [pid 3283] <... ioctl resumed>) = 0 [pid 3284] <... openat resumed>) = 4 [pid 3283] close(3) = 0 [pid 3283] close(4 [pid 3284] ioctl(4, LOOP_SET_FD, 3 [pid 3282] <... ioctl resumed>) = 0 [pid 3282] close(3) = 0 [pid 3282] close(4 [pid 3280] <... close resumed>) = 0 [pid 3280] mkdir("./file2", 0777) = 0 [pid 3280] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3283] <... close resumed>) = 0 [pid 3284] <... ioctl resumed>) = 0 [pid 3283] mkdir("./file2", 0777 [pid 3284] close(3) = 0 [pid 3283] <... mkdir resumed>) = 0 [pid 3284] close(4 [pid 3283] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3282] <... close resumed>) = 0 [pid 3282] mkdir("./file2", 0777) = 0 [pid 3282] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3280] <... mount resumed>) = 0 [pid 3280] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3276] <... mount resumed>) = 0 [pid 3280] <... openat resumed>) = 3 [pid 3276] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3280] chdir("./file2" [pid 3276] <... openat resumed>) = 3 [pid 3280] <... chdir resumed>) = 0 [pid 3276] chdir("./file2" [pid 3280] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3276] <... chdir resumed>) = 0 [pid 3276] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3284] <... close resumed>) = 0 [pid 3284] mkdir("./file2", 0777 [pid 3280] <... openat resumed>) = 4 [pid 3284] <... mkdir resumed>) = 0 [pid 3280] ioctl(4, LOOP_CLR_FD [pid 3276] <... openat resumed>) = 4 [pid 3280] <... ioctl resumed>) = 0 [pid 3280] close(4) = 0 [pid 3280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3284] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3276] ioctl(4, LOOP_CLR_FD [pid 3274] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3276] <... ioctl resumed>) = 0 [pid 3274] <... futex resumed>) = 0 [pid 3280] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3276] close(4 [pid 3274] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3276] <... close resumed>) = 0 [pid 3276] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3276] <... futex resumed>) = 1 [pid 3280] <... futex resumed>) = 0 [pid 3275] <... futex resumed>) = 0 [pid 3274] <... futex resumed>) = 1 [pid 3280] write(4, "#! \n", 4 [pid 3276] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3275] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3280] <... write resumed>) = 4 [pid 3276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3275] <... futex resumed>) = 0 [pid 3274] <... futex resumed>) = 0 [pid 3280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3276] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3275] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3280] <... futex resumed>) = 0 [pid 3280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3276] <... openat resumed>) = 4 [pid 3274] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3276] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] <... mprotect resumed>) = 0 [pid 3276] <... futex resumed>) = 1 [pid 3275] <... futex resumed>) = 0 [pid 3276] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3275] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3275] <... futex resumed>) = 0 [pid 3274] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3276] write(4, "#! \n", 4 [pid 3275] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3276] <... write resumed>) = 4 [pid 3275] <... futex resumed>) = 0 [pid 3276] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3274] <... clone3 resumed> => {parent_tid=[3297]}, 88) = 3297 [pid 3276] <... futex resumed>) = 0 [pid 3275] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3274] rt_sigprocmask(SIG_SETMASK, [], [pid 3276] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3275] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3275] <... mprotect resumed>) = 0 [pid 3274] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3274] <... futex resumed>) = 0 [pid 3275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3274] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3297 attached => {parent_tid=[3298]}, 88) = 3298 [pid 3275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3275] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3275] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3297] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3297] write(4, "#! \n", 4) = 4 [pid 3297] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3274] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3280] <... futex resumed>) = 0 [pid 3274] <... futex resumed>) = 1 [pid 3297] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] <... mount resumed>) = 0 [pid 3280] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3274] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3283] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3280] <... mmap resumed>) = 0x200000000000 ./strace-static-x86_64: Process 3298 attached [pid 3282] <... mount resumed>) = 0 [pid 3280] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... mount resumed>) = 0 [pid 3283] <... openat resumed>) = 3 [pid 3282] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3280] <... futex resumed>) = 1 [pid 3274] <... futex resumed>) = 0 [pid 3284] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3283] chdir("./file2" [pid 3282] <... openat resumed>) = 3 [pid 3280] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3274] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... openat resumed>) = 3 [pid 3283] <... chdir resumed>) = 0 [pid 3284] chdir("./file2" [pid 3283] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3282] chdir("./file2" [pid 3280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3274] <... futex resumed>) = 0 [pid 3284] <... chdir resumed>) = 0 [pid 3283] <... openat resumed>) = 4 [pid 3282] <... chdir resumed>) = 0 [pid 3298] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3298] write(4, "#! \n", 4) = 4 [pid 3298] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3275] <... futex resumed>) = 0 [pid 3275] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3276] <... futex resumed>) = 0 [pid 3275] <... futex resumed>) = 1 [pid 3276] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3275] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3276] <... mmap resumed>) = 0x200000000000 [pid 3276] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3275] <... futex resumed>) = 0 [pid 3280] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3275] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3298] <... futex resumed>) = 1 [pid 3298] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3282] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3282] ioctl(4, LOOP_CLR_FD) = 0 [pid 3282] close(4) = 0 [pid 3282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] ioctl(4, LOOP_CLR_FD) = 0 [pid 3283] close(4) = 0 [pid 3283] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3278] <... futex resumed>) = 0 [pid 3283] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3278] <... futex resumed>) = 0 [pid 3283] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3284] ioctl(4, LOOP_CLR_FD) = 0 [pid 3284] close(4) = 0 [pid 3284] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3284] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3279] <... futex resumed>) = 0 [pid 3284] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3277] <... futex resumed>) = 0 [pid 3283] <... openat resumed>) = 4 [pid 3277] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3275] <... futex resumed>) = 0 [pid 3284] <... openat resumed>) = 4 [pid 3283] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3282] <... futex resumed>) = 0 [pid 3277] <... futex resumed>) = 1 [pid 3275] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3284] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3283] <... futex resumed>) = 1 [pid 3282] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3278] <... futex resumed>) = 0 [pid 3277] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3284] <... futex resumed>) = 1 [pid 3283] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3279] <... futex resumed>) = 0 [pid 3282] <... openat resumed>) = 4 [pid 3279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3284] write(4, "#! \n", 4 [pid 3283] write(4, "#! \n", 4 [pid 3279] <... futex resumed>) = 0 [pid 3278] <... futex resumed>) = 0 [pid 3284] <... write resumed>) = 4 [pid 3284] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3283] <... write resumed>) = 4 [pid 3282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3279] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3278] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3283] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3282] <... futex resumed>) = 1 [pid 3279] <... futex resumed>) = 0 [pid 3278] <... futex resumed>) = 0 [pid 3277] <... futex resumed>) = 0 [pid 3284] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3283] <... futex resumed>) = 0 [pid 3279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3283] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3279] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3277] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3279] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3278] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3277] <... futex resumed>) = 0 [pid 3282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3282] write(4, "#! \n", 4 [pid 3279] <... mprotect resumed>) = 0 [pid 3278] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3277] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3282] <... write resumed>) = 4 [pid 3278] <... mprotect resumed>) = 0 [pid 3279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3277] <... futex resumed>) = 0 [pid 3279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3278] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3278] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3282] <... futex resumed>) = 0 [pid 3279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3277] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3277] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3278] <... clone3 resumed> => {parent_tid=[3303]}, 88) = 3303 [pid 3279] <... clone3 resumed> => {parent_tid=[3302]}, 88) = 3302 [pid 3278] rt_sigprocmask(SIG_SETMASK, [], [pid 3277] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3279] rt_sigprocmask(SIG_SETMASK, [], [pid 3278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3277] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3279] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3278] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3279] <... futex resumed>) = 0 [pid 3278] <... futex resumed>) = 0 [pid 3279] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3278] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3276] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3298] <... futex resumed>) = ? [pid 3297] <... futex resumed>) = ? [pid 3277] <... clone3 resumed> => {parent_tid=[3304]}, 88) = 3304 [pid 3275] <... futex resumed>) = ? [pid 3277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3277] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3302 attached [pid 3302] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3302] write(4, "#! \n", 4) = 4 [pid 3302] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3302] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3303 attached [pid 3303] set_robust_list(0x7f0aeccae9a0, 24 [pid 3279] <... futex resumed>) = 0 [pid 3277] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = 0 [pid 3279] <... futex resumed>) = 1 [pid 3284] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3284] <... mmap resumed>) = 0x200000000000 [pid 3284] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3280] +++ killed by SIGBUS +++ [pid 3279] <... futex resumed>) = 0 [pid 3284] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3279] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3279] <... futex resumed>) = 0 [pid 3297] +++ killed by SIGBUS +++ [pid 3274] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3274, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [ 70.438324][ T3280] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 70.440245][ T3276] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3303] <... set_robust_list resumed>) = 0 [pid 3303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3303] write(4, "#! \n", 4) = 4 [pid 3303] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3303] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3304 attached [pid 3304] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3304] write(4, "#! \n", 4) = 4 [pid 3304] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3304] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3298] +++ killed by SIGBUS +++ [pid 3276] +++ killed by SIGBUS +++ [pid 3279] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3278] <... futex resumed>) = 0 [pid 3277] <... futex resumed>) = 0 [pid 3275] +++ killed by SIGBUS +++ [pid 3278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3277] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3275, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3283] <... futex resumed>) = 0 [pid 3282] <... futex resumed>) = 0 [pid 3278] <... futex resumed>) = 1 [pid 3277] <... futex resumed>) = 1 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3283] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3282] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3277] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3283] <... mmap resumed>) = 0x200000000000 [pid 3283] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3282] <... mmap resumed>) = 0x200000000000 [pid 3283] <... futex resumed>) = 1 [pid 3282] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3278] <... futex resumed>) = 0 [pid 3283] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3282] <... futex resumed>) = 1 [pid 3278] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3277] <... futex resumed>) = 0 [pid 3283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3282] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3278] <... futex resumed>) = 0 [pid 3284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3302] <... futex resumed>) = ? [pid 3277] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3277] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3279] <... futex resumed>) = ? [pid 3278] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 3302] +++ killed by SIGBUS +++ [pid 3284] +++ killed by SIGBUS +++ [pid 3279] +++ killed by SIGBUS +++ [pid 289] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3279, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3303] <... futex resumed>) = ? [pid 3278] <... futex resumed>) = ? [pid 3303] +++ killed by SIGBUS +++ [pid 3283] +++ killed by SIGBUS +++ [pid 3278] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3278, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, [pid 287] getdents64(3, [pid 3282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3304] <... futex resumed>) = ? [pid 3277] <... futex resumed>) = ? [pid 3304] +++ killed by SIGBUS +++ [pid 287] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3282] +++ killed by SIGBUS +++ [pid 3277] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3277, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 291] getdents64(3, [pid 290] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./100/file2") = 0 [pid 290] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./100/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./100") = 0 [pid 290] mkdir("./101", 0777) = 0 [ 70.489229][ T3284] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 70.509576][ T3283] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 70.510811][ T3282] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] close(3 [pid 289] newfstatat(AT_FDCWD, "./96/file2", [pid 288] newfstatat(AT_FDCWD, "./96/file2", [pid 291] <... umount2 resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3305 [pid 289] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 4 [pid 288] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 288] newfstatat(4, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 288] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 288] close(4 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] rmdir("./96/file2" [pid 288] rmdir("./96/file2" [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./103/file2", [pid 289] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./96/binderfs", [pid 288] newfstatat(AT_FDCWD, "./96/binderfs", [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./96/binderfs" [pid 288] unlink("./96/binderfs" [pid 291] newfstatat(AT_FDCWD, "./97/file2", [pid 289] <... unlink resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] getdents64(3, [pid 288] getdents64(3, [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(3 [pid 288] close(3 [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] rmdir("./96" [pid 288] rmdir("./96" [pid 291] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] mkdir("./97", 0777 [pid 288] mkdir("./97", 0777 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] <... openat resumed>) = 4 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... openat resumed>) = 4 [pid 289] close(3 [pid 288] close(3 [pid 287] newfstatat(4, "", [pid 291] newfstatat(4, "", [pid 289] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3306 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3307 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 291] getdents64(4, [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 291] getdents64(4, [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 291] close(4 [pid 287] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] rmdir("./103/file2" [pid 291] rmdir("./97/file2"./strace-static-x86_64: Process 3305 attached [pid 3305] set_robust_list(0x555594a056a0, 24) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3305] chdir("./101") = 0 [pid 3305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3305] setpgid(0, 0 [pid 291] <... rmdir resumed>) = 0 [pid 287] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3305] <... setpgid resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./103/binderfs", [pid 3305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] newfstatat(AT_FDCWD, "./97/binderfs", [pid 287] unlink("./103/binderfs" [pid 3305] <... openat resumed>) = 3 [pid 287] <... unlink resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3305] write(3, "1000", 4 [pid 291] unlink("./97/binderfs" [pid 287] getdents64(3, [pid 3305] <... write resumed>) = 4 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3305] close(3) = 0 [pid 3305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 291] <... unlink resumed>) = 0 executing program executing program [pid 287] close(3 [pid 3305] write(1, "executing program\n", 18 [pid 291] getdents64(3, [pid 287] <... close resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] rmdir("./103" [pid 3305] <... write resumed>) = 18 [pid 3305] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3305] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3305] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3307 attached ) = 0 [pid 3307] set_robust_list(0x555594a056a0, 24 [pid 3305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3307] <... set_robust_list resumed>) = 0 [pid 3307] chdir("./97" [pid 3305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3307] <... chdir resumed>) = 0 [pid 3305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3307] setpgid(0, 0) = 0 [pid 3307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3305] <... clone3 resumed> => {parent_tid=[3308]}, 88) = 3308 [pid 3305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3307] <... openat resumed>) = 3 [pid 3305] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3305] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3307] write(3, "1000", 4) = 4 [pid 3307] close(3) = 0 [pid 3307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3307] write(1, "executing program\n", 18) = 18 [pid 3307] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3307] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3307] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3307] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 3307] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... close resumed>) = 0 [pid 287] mkdir("./104", 0777 [pid 291] rmdir("./97" [pid 3307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] <... rmdir resumed>) = 0 [pid 3307] <... clone3 resumed> => {parent_tid=[3309]}, 88) = 3309 [pid 3307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3307] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3307] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] mkdir("./98", 0777 [pid 287] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 3309 attached [pid 3309] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3309] memfd_create("syzkaller", 0) = 3 [pid 3309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 291] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] ioctl(3, LOOP_CLR_FD [pid 291] <... openat resumed>) = 3 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] ioctl(3, LOOP_CLR_FD [pid 287] close(3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... close resumed>) = 0 [pid 291] close(3 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3310 [pid 3309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3311 ./strace-static-x86_64: Process 3311 attached [pid 3311] set_robust_list(0x555594a056a0, 24./strace-static-x86_64: Process 3306 attached ) = 0 [pid 3306] set_robust_list(0x555594a056a0, 24executing program [pid 3311] chdir("./98" [pid 3306] <... set_robust_list resumed>) = 0 [pid 3309] <... write resumed>) = 524288 ./strace-static-x86_64: Process 3310 attached [pid 3310] set_robust_list(0x555594a056a0, 24) = 0 [pid 3310] chdir("./104") = 0 [pid 3310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3310] setpgid(0, 0) = 0 [pid 3310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3309] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3310] <... openat resumed>) = 3 [pid 3310] write(3, "1000", 4) = 4 [pid 3310] close(3 [pid 3309] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3310] <... close resumed>) = 0 [pid 3309] <... openat resumed>) = 4 [pid 3310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3309] ioctl(4, LOOP_SET_FD, 3 [pid 3310] write(1, "executing program\n", 18) = 18 [pid 3310] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3310] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3310] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3311] <... chdir resumed>) = 0 [pid 3310] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3306] chdir("./97" [pid 3310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3313]}, 88) = 3313 [pid 3311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3310] rt_sigprocmask(SIG_SETMASK, [], [pid 3306] <... chdir resumed>) = 0 [pid 3310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3310] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3310] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3309] <... ioctl resumed>) = 0 [pid 3309] close(3) = 0 [pid 3309] close(4./strace-static-x86_64: Process 3313 attached [pid 3313] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3311] <... prctl resumed>) = 0 [pid 3306] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3308 attached [pid 3313] memfd_create("syzkaller", 0) = 3 [pid 3313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3311] setpgid(0, 0 [pid 3308] set_robust_list(0x7f0aecccf9a0, 24 [pid 3306] <... prctl resumed>) = 0 [pid 3311] <... setpgid resumed>) = 0 [pid 3306] setpgid(0, 0 [pid 3311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3306] <... setpgid resumed>) = 0 [pid 3308] <... set_robust_list resumed>) = 0 [pid 3311] <... openat resumed>) = 3 [pid 3306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3311] write(3, "1000", 4) = 4 [pid 3306] <... openat resumed>) = 3 [pid 3311] close(3) = 0 [pid 3306] write(3, "1000", 4 [pid 3308] rt_sigprocmask(SIG_SETMASK, [], [pid 3311] symlink("/dev/binderfs", "./binderfs" [pid 3308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3306] <... write resumed>) = 4 executing program [pid 3313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3311] <... symlink resumed>) = 0 [pid 3306] close(3 [pid 3311] write(1, "executing program\n", 18) = 18 [pid 3306] <... close resumed>) = 0 [pid 3311] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 3306] symlink("/dev/binderfs", "./binderfs" [pid 3311] <... futex resumed>) = 0 [pid 3306] <... symlink resumed>) = 0 [pid 3311] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3306] write(1, "executing program\n", 18 [pid 3308] memfd_create("syzkaller", 0 [pid 3311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3306] <... write resumed>) = 18 [pid 3311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3306] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] <... memfd_create resumed>) = 3 [pid 3311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3306] <... futex resumed>) = 0 [pid 3311] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3306] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3311] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3306] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3311] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3308] <... mmap resumed>) = 0x7f0ae48af000 [pid 3313] <... write resumed>) = 524288 [pid 3313] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3311] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3313] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3311] <... clone3 resumed> => {parent_tid=[3314]}, 88) = 3314 [pid 3306] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3314 attached [pid 3314] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3314] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3306] <... mprotect resumed>) = 0 [pid 3311] rt_sigprocmask(SIG_SETMASK, [], [pid 3306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3311] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3314] <... futex resumed>) = 0 [pid 3311] <... futex resumed>) = 1 [pid 3306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3311] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3314] memfd_create("syzkaller", 0 [pid 3306] <... clone3 resumed> => {parent_tid=[3315]}, 88) = 3315 [pid 3314] <... memfd_create resumed>) = 3 [pid 3306] rt_sigprocmask(SIG_SETMASK, [], [pid 3314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 3315 attached [pid 3306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3306] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... mmap resumed>) = 0x7f0ae48af000 [pid 3306] <... futex resumed>) = 0 [pid 3306] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3308] <... write resumed>) = 524288 [pid 3308] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3315] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3315] memfd_create("syzkaller", 0) = 3 [pid 3315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3314] <... write resumed>) = 524288 [pid 3314] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3314] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3315] <... write resumed>) = 524288 [pid 3315] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3315] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3313] <... openat resumed>) = 4 [pid 3309] <... close resumed>) = 0 [pid 3313] ioctl(4, LOOP_SET_FD, 3 [pid 3309] mkdir("./file2", 0777) = 0 [pid 3309] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3308] <... openat resumed>) = 4 [pid 3308] ioctl(4, LOOP_SET_FD, 3 [pid 3314] <... openat resumed>) = 4 [pid 3308] <... ioctl resumed>) = 0 [pid 3314] ioctl(4, LOOP_SET_FD, 3 [pid 3308] close(3) = 0 [pid 3308] close(4 [pid 3314] <... ioctl resumed>) = 0 [pid 3314] close(3) = 0 [pid 3314] close(4 [pid 3315] <... openat resumed>) = 4 [pid 3315] ioctl(4, LOOP_SET_FD, 3 [pid 3314] <... close resumed>) = 0 [pid 3314] mkdir("./file2", 0777) = 0 [pid 3313] <... ioctl resumed>) = 0 [pid 3314] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3313] close(3) = 0 [pid 3313] close(4 [pid 3309] <... mount resumed>) = 0 [pid 3309] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3309] chdir("./file2") = 0 [pid 3309] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3308] <... close resumed>) = 0 [pid 3315] <... ioctl resumed>) = 0 [pid 3308] mkdir("./file2", 0777) = 0 [pid 3308] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3313] <... close resumed>) = 0 [pid 3315] close(3 [pid 3313] mkdir("./file2", 0777 [pid 3309] <... openat resumed>) = 4 [pid 3313] <... mkdir resumed>) = 0 [pid 3313] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3315] <... close resumed>) = 0 [pid 3309] ioctl(4, LOOP_CLR_FD [pid 3315] close(4 [pid 3314] <... mount resumed>) = 0 [pid 3314] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3314] chdir("./file2") = 0 [pid 3314] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3309] <... ioctl resumed>) = 0 [pid 3309] close(4 [pid 3315] <... close resumed>) = 0 [pid 3315] mkdir("./file2", 0777) = 0 [pid 3314] <... openat resumed>) = 4 [pid 3315] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3309] <... close resumed>) = 0 [pid 3314] ioctl(4, LOOP_CLR_FD [pid 3309] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... ioctl resumed>) = 0 [pid 3314] close(4 [pid 3309] <... futex resumed>) = 1 [pid 3307] <... futex resumed>) = 0 [pid 3314] <... close resumed>) = 0 [pid 3309] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3307] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3314] <... futex resumed>) = 1 [pid 3311] <... futex resumed>) = 0 [pid 3309] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3307] <... futex resumed>) = 0 [pid 3314] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... openat resumed>) = 4 [pid 3307] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3311] <... futex resumed>) = 0 [pid 3309] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3314] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3311] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] <... futex resumed>) = 0 [pid 3307] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... openat resumed>) = 4 [pid 3309] write(4, "#! \n", 4 [pid 3307] <... futex resumed>) = 0 [pid 3314] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... write resumed>) = 4 [pid 3307] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... futex resumed>) = 1 [pid 3311] <... futex resumed>) = 0 [pid 3309] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3307] <... futex resumed>) = 0 [pid 3314] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] <... futex resumed>) = 0 [pid 3307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3311] <... futex resumed>) = 0 [pid 3309] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3307] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3314] write(4, "#! \n", 4 [pid 3311] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3307] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3314] <... write resumed>) = 4 [pid 3311] <... futex resumed>) = 0 [pid 3307] <... mprotect resumed>) = 0 [pid 3314] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3314] <... futex resumed>) = 0 [pid 3311] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3307] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3314] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3327]}, 88) = 3327 [pid 3311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3311] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3311] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3307] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3331]}, 88) = 3331 [pid 3307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3307] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3307] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3315] <... mount resumed>) = 0 [pid 3315] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3315] chdir("./file2") = 0 [pid 3315] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3315] ioctl(4, LOOP_CLR_FD) = 0 [pid 3315] close(4) = 0 [pid 3315] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3306] <... futex resumed>) = 0 [pid 3315] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3306] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... openat resumed>) = 4 [pid 3306] <... futex resumed>) = 0 [pid 3315] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3306] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3315] <... futex resumed>) = 0 [pid 3306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3315] write(4, "#! \n", 4 [pid 3306] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... write resumed>) = 4 [pid 3306] <... futex resumed>) = 0 [pid 3315] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3306] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3315] <... futex resumed>) = 0 [pid 3306] <... futex resumed>) = 0 [pid 3315] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3306] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3313] <... mount resumed>) = 0 [pid 3306] <... clone3 resumed> => {parent_tid=[3332]}, 88) = 3332 [pid 3306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3306] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3306] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3331 attached ./strace-static-x86_64: Process 3327 attached [pid 3313] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3308] <... mount resumed>) = 0 [pid 3331] set_robust_list(0x7f0aeccae9a0, 24 [pid 3313] <... openat resumed>) = 3 [pid 3308] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3331] <... set_robust_list resumed>) = 0 [pid 3313] chdir("./file2" [pid 3308] <... openat resumed>) = 3 [pid 3331] rt_sigprocmask(SIG_SETMASK, [], [pid 3313] <... chdir resumed>) = 0 [pid 3308] chdir("./file2" [pid 3331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3313] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3331] write(4, "#! \n", 4 [pid 3308] <... chdir resumed>) = 0 [pid 3313] <... openat resumed>) = 4 [pid 3308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3331] <... write resumed>) = 4 [pid 3313] ioctl(4, LOOP_CLR_FD [pid 3331] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] <... openat resumed>) = 4 [pid 3313] <... ioctl resumed>) = 0 [pid 3331] <... futex resumed>) = 1 [pid 3313] close(4 [pid 3308] ioctl(4, LOOP_CLR_FD [pid 3307] <... futex resumed>) = 0 [pid 3331] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3313] <... close resumed>) = 0 [pid 3308] <... ioctl resumed>) = 0 [pid 3307] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] close(4 [pid 3307] <... futex resumed>) = 1 [pid 3313] <... futex resumed>) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3309] <... futex resumed>) = 0 [pid 3308] <... close resumed>) = 0 [pid 3307] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3313] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3308] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3310] <... futex resumed>) = 0 [pid 3313] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3310] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3309] <... mmap resumed>) = 0x200000000000 [pid 3308] <... futex resumed>) = 1 [pid 3305] <... futex resumed>) = 0 [pid 3309] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3305] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... openat resumed>) = 4 [pid 3309] <... futex resumed>) = 1 [pid 3307] <... futex resumed>) = 0 [pid 3305] <... futex resumed>) = 0 [pid 3307] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3327] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3327] write(4, "#! \n", 4) = 4 [pid 3327] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3311] <... futex resumed>) = 0 [pid 3311] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... futex resumed>) = 0 [pid 3311] <... futex resumed>) = 1 [pid 3314] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3311] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3314] <... mmap resumed>) = 0x200000000000 [pid 3314] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3311] <... futex resumed>) = 0 [pid 3314] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3311] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3332 attached [pid 3327] <... futex resumed>) = 1 [pid 3313] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3308] <... openat resumed>) = 4 [pid 3307] <... futex resumed>) = 4 [pid 3305] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3332] set_robust_list(0x7f0aeccae9a0, 24 [pid 3331] <... futex resumed>) = ? [pid 3313] <... futex resumed>) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3308] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3332] <... set_robust_list resumed>) = 0 [pid 3331] +++ killed by SIGBUS +++ [pid 3313] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] <... futex resumed>) = 0 [pid 3305] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] rt_sigprocmask(SIG_SETMASK, [], [pid 3327] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3311] syscall_0xfffffffffffffff5(0x7f0aecd9a601, 0x80, 0, 0, 0, 0 [pid 3310] <... futex resumed>) = 0 [pid 3309] +++ killed by SIGBUS +++ [pid 3308] write(4, "#! \n", 4 [pid 3307] +++ killed by SIGBUS +++ [pid 3305] <... futex resumed>) = 0 [pid 3332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3327] <... futex resumed>) = ? [pid 3313] write(4, "#! \n", 4 [pid 3310] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] <... write resumed>) = 4 [pid 3305] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3332] write(4, "#! \n", 4 [pid 3313] <... write resumed>) = 4 [pid 3310] <... futex resumed>) = 0 [pid 3308] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] <... futex resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3307, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3332] <... write resumed>) = 4 [pid 3327] +++ killed by SIGBUS +++ [pid 3313] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3308] <... futex resumed>) = 0 [pid 3305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3332] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = 0 [pid 3310] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3308] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3305] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3332] <... futex resumed>) = 1 [pid 3314] +++ killed by SIGBUS +++ [pid 3313] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3311] +++ killed by SIGBUS +++ [pid 3310] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3306] <... futex resumed>) = 0 [pid 3305] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3332] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] <... mprotect resumed>) = 0 [pid 3306] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] <... mprotect resumed>) = 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3311, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3315] <... futex resumed>) = 0 [pid 3310] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3306] <... futex resumed>) = 1 [pid 3305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3315] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3310] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3306] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3315] <... mmap resumed>) = 0x200000000000 [pid 3310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 288] <... openat resumed>) = 3 [pid 3315] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] newfstatat(3, "", [pid 3315] <... futex resumed>) = 1 [pid 3310] <... clone3 resumed> => {parent_tid=[3333]}, 88) = 3333 [pid 3306] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3315] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] rt_sigprocmask(SIG_SETMASK, [], [pid 3306] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] <... clone3 resumed> => {parent_tid=[3334]}, 88) = 3334 [pid 288] getdents64(3, [pid 3315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3306] <... futex resumed>) = 0 [pid 3305] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 3334 attached ./strace-static-x86_64: Process 3333 attached [pid 3310] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 3334] set_robust_list(0x7f0aeccae9a0, 24 [pid 3333] set_robust_list(0x7f0aeccae9a0, 24 [pid 3310] <... futex resumed>) = 0 [ 71.115423][ T3309] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 71.121005][ T3314] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3305] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3334] <... set_robust_list resumed>) = 0 [pid 3333] <... set_robust_list resumed>) = 0 [pid 3310] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3305] <... futex resumed>) = 0 [pid 3334] rt_sigprocmask(SIG_SETMASK, [], [pid 3333] rt_sigprocmask(SIG_SETMASK, [], [pid 3305] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3334] write(4, "#! \n", 4 [pid 3333] write(4, "#! \n", 4 [pid 291] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3334] <... write resumed>) = 4 [pid 3333] <... write resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 3334] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3333] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(3, "", [pid 3334] <... futex resumed>) = 1 [pid 3333] <... futex resumed>) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3305] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3334] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3333] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3305] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(3, [pid 3313] <... futex resumed>) = 0 [pid 3310] <... futex resumed>) = 1 [pid 3308] <... futex resumed>) = 0 [pid 3305] <... futex resumed>) = 1 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3313] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3310] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3308] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3305] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3313] <... mmap resumed>) = 0x200000000000 [pid 3308] <... mmap resumed>) = 0x200000000000 [pid 3313] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = 1 [pid 3310] <... futex resumed>) = 0 [pid 3308] <... futex resumed>) = 1 [pid 3305] <... futex resumed>) = 0 [pid 3313] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3310] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3308] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3305] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3310] <... futex resumed>) = 0 [pid 3308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3305] <... futex resumed>) = 0 [pid 3306] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3332] <... futex resumed>) = ? [pid 3306] <... futex resumed>) = ? [pid 3332] +++ killed by SIGBUS +++ [pid 3315] +++ killed by SIGBUS +++ [pid 3306] +++ killed by SIGBUS +++ [pid 3310] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3313] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3305] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3306, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3333] <... futex resumed>) = ? [pid 3310] <... futex resumed>) = ? [pid 3333] +++ killed by SIGBUS +++ [pid 3313] +++ killed by SIGBUS +++ [pid 3310] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3308] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 287] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3334] <... futex resumed>) = ? [pid 3305] <... futex resumed>) = ? [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3334] +++ killed by SIGBUS +++ [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3308] +++ killed by SIGBUS +++ [pid 3305] +++ killed by SIGBUS +++ [pid 287] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 71.156072][ T3315] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 71.169143][ T3313] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 71.174886][ T3308] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./97/file2") = 0 [pid 289] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./97/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./97") = 0 [pid 289] mkdir("./98", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./97/file2") = 0 [pid 288] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./97/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./97") = 0 [pid 288] mkdir("./98", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 3336 attached [pid 291] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./98/file2", [pid 290] newfstatat(AT_FDCWD, "./101/file2", [pid 287] newfstatat(AT_FDCWD, "./104/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 290] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3336] set_robust_list(0x555594a056a0, 24 [pid 291] getdents64(4, [pid 290] getdents64(4, [pid 287] getdents64(4, [pid 3336] <... set_robust_list resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3336] chdir("./98" [pid 291] close(4 [pid 290] close(4 [pid 287] close(4 [pid 3336] <... chdir resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3336 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... close resumed>) = 0 [pid 3336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] rmdir("./98/file2" [pid 290] rmdir("./101/file2" [pid 287] rmdir("./104/file2" [pid 3336] <... prctl resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 executing program [pid 288] close(3 [pid 3336] setpgid(0, 0 [pid 291] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3336] <... setpgid resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] newfstatat(AT_FDCWD, "./98/binderfs", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3336] <... openat resumed>) = 3 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] newfstatat(AT_FDCWD, "./101/binderfs", [pid 287] newfstatat(AT_FDCWD, "./104/binderfs", [pid 3336] write(3, "1000", 4 [pid 291] unlink("./98/binderfs" [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3336] <... write resumed>) = 4 [pid 291] <... unlink resumed>) = 0 [pid 290] unlink("./101/binderfs" [pid 287] unlink("./104/binderfs" [pid 3336] close(3 [pid 291] getdents64(3, [pid 290] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 3336] <... close resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 3336] symlink("/dev/binderfs", "./binderfs" [pid 291] close(3 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3336] <... symlink resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 287] close(3 [pid 3336] write(1, "executing program\n", 18 [pid 291] rmdir("./98" [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3336] <... write resumed>) = 18 [pid 291] <... rmdir resumed>) = 0 [pid 290] rmdir("./101" [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] rmdir("./104" [pid 3336] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] mkdir("./99", 0777 [pid 290] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3336] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] mkdir("./102", 0777 [pid 287] mkdir("./105", 0777 [pid 3336] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 3336] <... rt_sigaction resumed>NULL, 8) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3337 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 3336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 3336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] close(3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3336] <... mmap resumed>) = 0x7f0aeccaf000 [pid 291] <... close resumed>) = 0 [pid 290] close(3 [pid 287] close(3./strace-static-x86_64: Process 3337 attached [pid 3336] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3337] set_robust_list(0x555594a056a0, 24 [pid 3336] <... mprotect resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3336] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3338 [pid 3337] <... set_robust_list resumed>) = 0 [pid 3337] chdir("./98" [pid 3336] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3339 ./strace-static-x86_64: Process 3340 attached [pid 3337] <... chdir resumed>) = 0 [pid 3336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3340 [pid 3340] set_robust_list(0x555594a056a0, 24 [pid 3337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3340] <... set_robust_list resumed>) = 0 [pid 3337] <... prctl resumed>) = 0 [pid 3336] <... clone3 resumed> => {parent_tid=[3341]}, 88) = 3341 [pid 3336] rt_sigprocmask(SIG_SETMASK, [], [pid 3340] chdir("./105" [pid 3336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3340] <... chdir resumed>) = 0 [pid 3337] setpgid(0, 0 [pid 3336] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3337] <... setpgid resumed>) = 0 [pid 3336] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3338 attached [pid 3340] <... prctl resumed>) = 0 [pid 3337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3336] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3340] setpgid(0, 0 [pid 3338] set_robust_list(0x555594a056a0, 24 [pid 3340] <... setpgid resumed>) = 0 [pid 3340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3338] <... set_robust_list resumed>) = 0 [pid 3337] <... openat resumed>) = 3 [pid 3337] write(3, "1000", 4) = 4 [pid 3337] close(3) = 0 ./strace-static-x86_64: Process 3339 attached [pid 3337] symlink("/dev/binderfs", "./binderfs" [pid 3340] <... openat resumed>) = 3 [pid 3339] set_robust_list(0x555594a056a0, 24 [pid 3338] chdir("./99" [pid 3337] <... symlink resumed>) = 0 [pid 3340] write(3, "1000", 4executing program [pid 3339] <... set_robust_list resumed>) = 0 [pid 3337] write(1, "executing program\n", 18 [pid 3339] chdir("./102" [pid 3337] <... write resumed>) = 18 [pid 3340] <... write resumed>) = 4 [pid 3339] <... chdir resumed>) = 0 [pid 3337] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3337] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3341 attached [pid 3340] close(3 [pid 3339] <... prctl resumed>) = 0 [pid 3338] <... chdir resumed>) = 0 [pid 3337] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3341] set_robust_list(0x7f0aecccf9a0, 24 [pid 3340] <... close resumed>) = 0 [pid 3339] setpgid(0, 0 [pid 3338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3337] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3341] <... set_robust_list resumed>) = 0 [pid 3339] <... setpgid resumed>) = 0 [pid 3337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3341] rt_sigprocmask(SIG_SETMASK, [], [pid 3340] symlink("/dev/binderfs", "./binderfs" [pid 3339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3338] <... prctl resumed>) = 0 [pid 3337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3339] <... openat resumed>) = 3 [pid 3337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3340] <... symlink resumed>) = 0 executing program [pid 3341] memfd_create("syzkaller", 0 [pid 3339] write(3, "1000", 4 [pid 3338] setpgid(0, 0 [pid 3337] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3340] write(1, "executing program\n", 18 [pid 3339] <... write resumed>) = 4 [pid 3337] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3341] <... memfd_create resumed>) = 3 [pid 3340] <... write resumed>) = 18 [pid 3339] close(3 [pid 3338] <... setpgid resumed>) = 0 [pid 3337] <... mprotect resumed>) = 0 [pid 3341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3340] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] <... close resumed>) = 0 [pid 3337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3341] <... mmap resumed>) = 0x7f0ae48af000 [pid 3340] <... futex resumed>) = 0 [pid 3339] symlink("/dev/binderfs", "./binderfs" [pid 3338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3340] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3338] <... openat resumed>) = 3 [pid 3337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3340] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3339] <... symlink resumed>) = 0 [pid 3340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3338] write(3, "1000", 4 [pid 3340] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 3339] write(1, "executing program\n", 18 [pid 3338] <... write resumed>) = 4 [pid 3337] <... clone3 resumed> => {parent_tid=[3342]}, 88) = 3342 [pid 3340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3339] <... write resumed>) = 18 [pid 3338] close(3 [pid 3337] rt_sigprocmask(SIG_SETMASK, [], [pid 3340] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3339] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... close resumed>) = 0 [pid 3337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3340] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3339] <... futex resumed>) = 0 [pid 3338] symlink("/dev/binderfs", "./binderfs" [pid 3337] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3340] <... mprotect resumed>) = 0 [pid 3339] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3338] <... symlink resumed>) = 0 executing program [pid 3337] <... futex resumed>) = 0 [pid 3340] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3339] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3338] write(1, "executing program\n", 18 [pid 3337] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3342 attached [pid 3341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3340] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3338] <... write resumed>) = 18 [pid 3340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3338] <... futex resumed>) = 0 [pid 3340] <... clone3 resumed> => {parent_tid=[3343]}, 88) = 3343 [pid 3339] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3338] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3340] rt_sigprocmask(SIG_SETMASK, [], [pid 3339] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3338] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3339] <... mprotect resumed>) = 0 [pid 3338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3340] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3340] <... futex resumed>) = 0 [pid 3339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3340] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3338] <... mmap resumed>) = 0x7f0aeccaf000 ./strace-static-x86_64: Process 3343 attached [pid 3342] set_robust_list(0x7f0aecccf9a0, 24 [pid 3341] <... write resumed>) = 524288 [pid 3339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3338] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 3344 attached [pid 3343] set_robust_list(0x7f0aecccf9a0, 24 [pid 3342] <... set_robust_list resumed>) = 0 [pid 3341] munmap(0x7f0ae48af000, 138412032 [pid 3338] <... mprotect resumed>) = 0 [pid 3343] <... set_robust_list resumed>) = 0 [pid 3342] rt_sigprocmask(SIG_SETMASK, [], [pid 3338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3343] rt_sigprocmask(SIG_SETMASK, [], [pid 3342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3341] <... munmap resumed>) = 0 [pid 3339] <... clone3 resumed> => {parent_tid=[3344]}, 88) = 3344 [pid 3338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3342] memfd_create("syzkaller", 0 [pid 3341] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3339] rt_sigprocmask(SIG_SETMASK, [], [pid 3344] set_robust_list(0x7f0aecccf9a0, 24 [pid 3343] memfd_create("syzkaller", 0 [pid 3342] <... memfd_create resumed>) = 3 [pid 3338] <... clone3 resumed> => {parent_tid=[3345]}, 88) = 3345 [pid 3344] <... set_robust_list resumed>) = 0 [pid 3343] <... memfd_create resumed>) = 3 [pid 3342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3341] <... openat resumed>) = 4 [pid 3339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3338] rt_sigprocmask(SIG_SETMASK, [], [pid 3344] rt_sigprocmask(SIG_SETMASK, [], [pid 3343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3342] <... mmap resumed>) = 0x7f0ae48af000 [pid 3341] ioctl(4, LOOP_SET_FD, 3 [pid 3339] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3343] <... mmap resumed>) = 0x7f0ae48af000 [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3345 attached [pid 3345] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3345] memfd_create("syzkaller", 0) = 3 [pid 3345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3339] <... futex resumed>) = 0 [pid 3345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3339] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3345] <... write resumed>) = 524288 [pid 3345] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3345] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3341] <... ioctl resumed>) = 0 [pid 3344] memfd_create("syzkaller", 0) = 3 [pid 3344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3341] close(3) = 0 [pid 3341] close(4) = 0 [pid 3341] mkdir("./file2", 0777) = 0 [pid 3341] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3342] <... write resumed>) = 524288 [pid 3342] munmap(0x7f0ae48af000, 138412032 [pid 3344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3342] <... munmap resumed>) = 0 [pid 3344] <... write resumed>) = 524288 [pid 3344] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3344] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3344] ioctl(4, LOOP_SET_FD, 3 [pid 3343] <... write resumed>) = 524288 [pid 3342] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3343] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3344] <... ioctl resumed>) = 0 [pid 3345] <... openat resumed>) = 4 [pid 3342] <... openat resumed>) = 4 [pid 3342] ioctl(4, LOOP_SET_FD, 3 [pid 3344] close(3 [pid 3345] ioctl(4, LOOP_SET_FD, 3 [pid 3344] <... close resumed>) = 0 [pid 3344] close(4 [pid 3342] <... ioctl resumed>) = 0 [pid 3342] close(3) = 0 [pid 3342] close(4 [pid 3341] <... mount resumed>) = 0 [pid 3341] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3341] chdir("./file2") = 0 [pid 3341] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3342] <... close resumed>) = 0 [pid 3342] mkdir("./file2", 0777) = 0 [pid 3345] <... ioctl resumed>) = 0 [pid 3343] <... openat resumed>) = 4 [pid 3342] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3343] ioctl(4, LOOP_SET_FD, 3 [pid 3345] close(3) = 0 [pid 3345] close(4 [pid 3343] <... ioctl resumed>) = 0 [pid 3344] <... close resumed>) = 0 [pid 3341] <... openat resumed>) = 4 [pid 3343] close(3) = 0 [pid 3343] close(4 [pid 3344] mkdir("./file2", 0777 [pid 3341] ioctl(4, LOOP_CLR_FD [pid 3344] <... mkdir resumed>) = 0 [pid 3344] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3343] <... close resumed>) = 0 [pid 3343] mkdir("./file2", 0777) = 0 [pid 3343] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3342] <... mount resumed>) = 0 [pid 3342] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3342] chdir("./file2") = 0 [pid 3342] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3345] <... close resumed>) = 0 [pid 3341] <... ioctl resumed>) = 0 [pid 3345] mkdir("./file2", 0777 [pid 3342] <... openat resumed>) = 4 [pid 3341] close(4 [pid 3345] <... mkdir resumed>) = 0 [pid 3341] <... close resumed>) = 0 [pid 3345] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3342] ioctl(4, LOOP_CLR_FD [pid 3341] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3336] <... futex resumed>) = 0 [pid 3341] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3336] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3336] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3341] <... openat resumed>) = 4 [pid 3341] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3341] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3336] <... futex resumed>) = 0 [pid 3336] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3341] <... futex resumed>) = 0 [pid 3336] <... futex resumed>) = 1 [pid 3341] write(4, "#! \n", 4 [pid 3336] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3341] <... write resumed>) = 4 [pid 3336] <... futex resumed>) = 0 [pid 3341] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3341] <... futex resumed>) = 0 [pid 3336] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3341] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3336] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3355]}, 88) = 3355 [pid 3336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3336] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3336] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3355 attached [pid 3355] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3355] write(4, "#! \n", 4) = 4 [pid 3355] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3336] <... futex resumed>) = 0 [pid 3336] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3341] <... futex resumed>) = 0 [pid 3336] <... futex resumed>) = 1 [pid 3341] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3336] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3341] <... mmap resumed>) = 0x200000000000 [pid 3341] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3336] <... futex resumed>) = 0 [pid 3355] <... futex resumed>) = 1 [pid 3336] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3355] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3336] <... futex resumed>) = 0 [pid 3336] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3343] <... mount resumed>) = 0 [pid 3343] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3343] chdir("./file2") = 0 [pid 3343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3344] <... mount resumed>) = 0 [pid 3344] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3344] chdir("./file2") = 0 [pid 3344] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3341] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3355] <... futex resumed>) = ? [pid 3336] <... futex resumed>) = ? [pid 3355] +++ killed by SIGBUS +++ [pid 3341] +++ killed by SIGBUS +++ [pid 3336] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3336, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3344] <... openat resumed>) = 4 [pid 3343] <... openat resumed>) = 4 [pid 3342] <... ioctl resumed>) = 0 [pid 3344] ioctl(4, LOOP_CLR_FD [pid 3343] ioctl(4, LOOP_CLR_FD [pid 3342] close(4 [pid 3344] <... ioctl resumed>) = 0 [pid 3343] <... ioctl resumed>) = 0 [pid 3342] <... close resumed>) = 0 [pid 3344] close(4 [pid 3343] close(4 [pid 3342] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3344] <... close resumed>) = 0 [pid 3343] <... close resumed>) = 0 [pid 3342] <... futex resumed>) = 1 [pid 3337] <... futex resumed>) = 0 [pid 3344] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3342] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3337] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3344] <... futex resumed>) = 1 [pid 3343] <... futex resumed>) = 1 [pid 3342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3340] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3337] <... futex resumed>) = 0 [pid 3344] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3342] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3340] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3337] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3342] <... openat resumed>) = 4 [pid 3340] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3344] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 71.716448][ T3341] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3343] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3342] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3340] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3339] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3344] <... openat resumed>) = 4 [pid 3343] <... openat resumed>) = 4 [pid 3342] <... futex resumed>) = 1 [pid 3337] <... futex resumed>) = 0 [pid 3344] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3342] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3337] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3344] <... futex resumed>) = 1 [pid 3343] <... futex resumed>) = 1 [pid 3342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3340] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3337] <... futex resumed>) = 0 [pid 3344] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3342] write(4, "#! \n", 4 [pid 3340] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3337] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3342] <... write resumed>) = 4 [pid 3340] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3337] <... futex resumed>) = 0 [pid 3344] write(4, "#! \n", 4 [pid 3343] write(4, "#! \n", 4 [pid 3342] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3340] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3344] <... write resumed>) = 4 [pid 3343] <... write resumed>) = 4 [pid 3342] <... futex resumed>) = 0 [pid 3340] <... futex resumed>) = 0 [pid 3344] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3342] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3339] <... futex resumed>) = 0 [pid 3337] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3345] <... mount resumed>) = 0 [pid 3344] <... futex resumed>) = 0 [pid 3343] <... futex resumed>) = 0 [pid 3340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3337] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3345] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3340] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3345] <... openat resumed>) = 3 [pid 3344] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3340] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3339] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3337] <... mprotect resumed>) = 0 [pid 3345] chdir("./file2" [pid 3340] <... mprotect resumed>) = 0 [pid 3339] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3345] <... chdir resumed>) = 0 [pid 3340] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3339] <... mprotect resumed>) = 0 [pid 3337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3345] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3340] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3362 attached [pid 3340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3337] <... clone3 resumed> => {parent_tid=[3362]}, 88) = 3362 [pid 3337] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3364 attached ./strace-static-x86_64: Process 3363 attached [pid 3362] set_robust_list(0x7f0aeccae9a0, 24 [pid 3340] <... clone3 resumed> => {parent_tid=[3363]}, 88) = 3363 [pid 3339] <... clone3 resumed> => {parent_tid=[3364]}, 88) = 3364 [pid 3337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3339] rt_sigprocmask(SIG_SETMASK, [], [pid 3337] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3337] <... futex resumed>) = 0 [pid 3339] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3337] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3339] <... futex resumed>) = 0 [pid 3339] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3364] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3364] write(4, "#! \n", 4) = 4 [pid 3364] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] <... futex resumed>) = 0 [pid 3339] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3344] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 1 [pid 3344] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3339] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3364] <... futex resumed>) = 1 [pid 3363] set_robust_list(0x7f0aeccae9a0, 24 [pid 3362] <... set_robust_list resumed>) = 0 [pid 3344] <... mmap resumed>) = 0x200000000000 [pid 3340] rt_sigprocmask(SIG_SETMASK, [], [pid 3344] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3364] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3363] <... set_robust_list resumed>) = 0 [pid 3362] rt_sigprocmask(SIG_SETMASK, [], [pid 3344] <... futex resumed>) = 1 [pid 3340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3344] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3340] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3339] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3362] write(4, "#! \n", 4 [pid 3344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3340] <... futex resumed>) = 0 [pid 3339] <... futex resumed>) = 0 [pid 3363] rt_sigprocmask(SIG_SETMASK, [], [pid 3362] <... write resumed>) = 4 [pid 3340] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3362] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3363] write(4, "#! \n", 4 [pid 3362] <... futex resumed>) = 1 [pid 3363] <... write resumed>) = 4 [pid 3362] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3363] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3340] <... futex resumed>) = 0 [pid 3363] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3340] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3340] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3339] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3337] <... futex resumed>) = 0 [pid 3337] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3343] <... futex resumed>) = 0 [pid 3343] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3343] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3340] <... futex resumed>) = 0 [pid 3343] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3340] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3340] <... futex resumed>) = 0 [pid 3340] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3342] <... futex resumed>) = 0 [pid 3342] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3342] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3337] <... futex resumed>) = 0 [pid 3342] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3337] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3337] <... futex resumed>) = 0 [pid 3344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3364] <... futex resumed>) = ? [pid 3339] <... futex resumed>) = ? [pid 3364] +++ killed by SIGBUS +++ [pid 3344] +++ killed by SIGBUS +++ [pid 3339] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3345] <... openat resumed>) = 4 [pid 3337] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... umount2 resumed>) = 0 [pid 3343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3345] ioctl(4, LOOP_CLR_FD [pid 289] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3362] <... futex resumed>) = ? [pid 3345] <... ioctl resumed>) = 0 [pid 3340] <... futex resumed>) = ? [pid 3337] <... futex resumed>) = ? [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3363] <... futex resumed>) = ? [pid 3345] close(4) = 0 [pid 289] newfstatat(AT_FDCWD, "./98/file2", [pid 3345] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3338] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3363] +++ killed by SIGBUS +++ [pid 3345] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3338] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3343] +++ killed by SIGBUS +++ [pid 3340] +++ killed by SIGBUS +++ [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3345] <... openat resumed>) = 4 [pid 3345] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 4 [pid 3362] +++ killed by SIGBUS +++ [pid 3345] <... futex resumed>) = 1 [pid 3338] <... futex resumed>) = 0 [pid 289] newfstatat(4, "", [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3340, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3345] write(4, "#! \n", 4 [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3345] <... write resumed>) = 4 [pid 3338] <... futex resumed>) = 0 [pid 3345] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 3345] <... futex resumed>) = 0 [pid 3338] <... futex resumed>) = 0 [pid 3345] write(4, "#! \n", 4 [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3345] <... write resumed>) = 4 [pid 3342] +++ killed by SIGBUS +++ [pid 3337] +++ killed by SIGBUS +++ [pid 289] getdents64(4, [pid 3345] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3345] <... futex resumed>) = 1 [pid 3338] <... futex resumed>) = 0 [pid 289] close(4 [pid 3345] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3338] <... futex resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3345] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] rmdir("./98/file2" [pid 3345] <... mmap resumed>) = 0x200000000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 3345] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... rmdir resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3345] <... futex resumed>) = 1 [pid 3338] <... futex resumed>) = 0 [pid 289] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3345] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3338] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3338] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 71.785438][ T3344] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 71.792482][ T3342] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 71.804313][ T3343] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, [pid 287] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3338] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./98/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./98") = 0 [pid 289] mkdir("./99", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3338] <... futex resumed>) = ? [pid 3345] +++ killed by SIGBUS +++ [pid 3338] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 290] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./102/file2") = 0 [pid 290] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./102/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./102") = 0 [pid 290] mkdir("./103", 0777) = 0 [ 71.845052][ T3345] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] <... umount2 resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 291] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./99/file2", [pid 287] newfstatat(AT_FDCWD, "./105/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, [pid 287] getdents64(4, [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4 [pid 287] close(4 [pid 291] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] rmdir("./99/file2" [pid 287] rmdir("./105/file2" [pid 291] <... rmdir resumed>) = 0 [pid 288] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... rmdir resumed>) = 0 [pid 291] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./99/binderfs", [pid 288] newfstatat(AT_FDCWD, "./98/file2", [pid 287] newfstatat(AT_FDCWD, "./105/binderfs", [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./99/binderfs" [pid 288] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] unlink("./105/binderfs" [pid 291] <... unlink resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... unlink resumed>) = 0 [pid 291] getdents64(3, [pid 288] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] <... openat resumed>) = 4 [pid 287] getdents64(3, [pid 291] close(3 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 291] rmdir("./99" [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] close(3 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./98/file2" [pid 291] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] mkdir("./100", 0777 [pid 288] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] rmdir("./105" [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./98/binderfs" [pid 291] <... mkdir resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... close resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 288] rmdir("./98") = 0 [pid 287] mkdir("./106", 0777 [pid 288] mkdir("./99", 0777) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] close(3 [pid 289] close(3 [pid 290] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3365 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3366 ./strace-static-x86_64: Process 3366 attached [pid 3366] set_robust_list(0x555594a056a0, 24) = 0 [pid 3366] chdir("./99") = 0 [pid 3366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3366] setpgid(0, 0) = 0 [pid 3366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3366] write(3, "1000", 4) = 4 [pid 3366] close(3) = 0 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = 0 [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3367 [pid 3366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3366] write(1, "executing program\n", 18) = 18 [pid 3366] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3366] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3366] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3366] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 3365 attached [], 8) = 0 [pid 3366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3365] set_robust_list(0x555594a056a0, 24./strace-static-x86_64: Process 3368 attached ) = 0 ./strace-static-x86_64: Process 3367 attached [pid 3368] set_robust_list(0x7f0aecccf9a0, 24 [pid 3365] chdir("./103" [pid 3366] <... clone3 resumed> => {parent_tid=[3368]}, 88) = 3368 [pid 3365] <... chdir resumed>) = 0 [pid 3365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3365] setpgid(0, 0) = 0 [pid 3368] <... set_robust_list resumed>) = 0 [pid 3365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3365] write(3, "1000", 4) = 4 [pid 3365] close(3) = 0 [pid 3365] symlink("/dev/binderfs", "./binderfs" [pid 3368] rt_sigprocmask(SIG_SETMASK, [], [pid 3367] set_robust_list(0x555594a056a0, 24 [pid 3366] rt_sigprocmask(SIG_SETMASK, [], [pid 3365] <... symlink resumed>) = 0 [pid 3368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3368] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3367] <... set_robust_list resumed>) = 0 [pid 3367] chdir("./106" [pid 3366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3365] write(1, "executing program\n", 18 [pid 3367] <... chdir resumed>) = 0 [pid 3366] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 3368] <... futex resumed>) = 0 [pid 3366] <... futex resumed>) = 1 [pid 3368] memfd_create("syzkaller", 0 [pid 3366] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3365] <... write resumed>) = 18 [pid 3368] <... memfd_create resumed>) = 3 [pid 3368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3365] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3367] setpgid(0, 0 [pid 3365] <... futex resumed>) = 0 [pid 3365] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3367] <... setpgid resumed>) = 0 [pid 3365] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3365] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3368] <... write resumed>) = 524288 [pid 3367] <... openat resumed>) = 3 [pid 3365] <... mprotect resumed>) = 0 [pid 3368] munmap(0x7f0ae48af000, 138412032 [pid 3367] write(3, "1000", 4 [pid 3365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3368] <... munmap resumed>) = 0 [pid 3365] <... clone3 resumed> => {parent_tid=[3369]}, 88) = 3369 [pid 3367] <... write resumed>) = 4 [pid 3365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3365] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3365] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3368] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 3369 attached [pid 3369] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3369] memfd_create("syzkaller", 0) = 3 [pid 3367] close(3 [pid 3369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3367] <... close resumed>) = 0 [pid 3367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3367] write(1, "executing program\n", 18executing program ) = 18 [pid 3367] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3367] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3370]}, 88) = 3370 [pid 3369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3367] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3370 attached NULL, 8) = 0 [pid 3367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3370] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3370] memfd_create("syzkaller", 0) = 3 [pid 3370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3369] <... write resumed>) = 524288 [pid 3369] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3369] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 291] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3368] <... openat resumed>) = 4 [pid 291] close(3 [pid 288] close(3 [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3372 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3371 [pid 3369] <... openat resumed>) = 4 [pid 3369] ioctl(4, LOOP_SET_FD, 3 [pid 3368] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3372 attached ./strace-static-x86_64: Process 3371 attached [pid 3369] <... ioctl resumed>) = 0 [pid 3372] set_robust_list(0x555594a056a0, 24 [pid 3371] set_robust_list(0x555594a056a0, 24 [pid 3370] <... write resumed>) = 524288 [pid 3369] close(3) = 0 [pid 3369] close(4 [pid 3368] <... ioctl resumed>) = 0 [pid 3369] <... close resumed>) = 0 [pid 3368] close(3) = 0 [pid 3368] close(4) = 0 [pid 3368] mkdir("./file2", 0777) = 0 [pid 3368] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3369] mkdir("./file2", 0777 [pid 3372] <... set_robust_list resumed>) = 0 [pid 3372] chdir("./100") = 0 [pid 3369] <... mkdir resumed>) = 0 [pid 3372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3369] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3372] setpgid(0, 0) = 0 [pid 3372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3371] <... set_robust_list resumed>) = 0 [pid 3370] munmap(0x7f0ae48af000, 138412032 [pid 3372] <... openat resumed>) = 3 [pid 3372] write(3, "1000", 4) = 4 [pid 3372] close(3) = 0 [pid 3372] symlink("/dev/binderfs", "./binderfs" [pid 3371] chdir("./99") = 0 [pid 3371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3370] <... munmap resumed>) = 0 [pid 3371] setpgid(0, 0 [pid 3372] <... symlink resumed>) = 0 [pid 3370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3371] <... setpgid resumed>) = 0 [pid 3372] write(1, "executing program\n", 18 [pid 3371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 3372] <... write resumed>) = 18 [pid 3371] write(3, "1000", 4 [pid 3368] <... mount resumed>) = 0 [pid 3368] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3368] chdir("./file2") = 0 [pid 3368] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3372] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3372] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3372] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3372] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3371] <... write resumed>) = 4 [pid 3372] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3377]}, 88) = 3377 [pid 3372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3372] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3372] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3377 attached [pid 3377] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3377] memfd_create("syzkaller", 0 [pid 3371] close(3 [pid 3377] <... memfd_create resumed>) = 3 [pid 3377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3371] <... close resumed>) = 0 [pid 3371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3371] write(1, "executing program\n", 18executing program ) = 18 [pid 3371] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3371] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3371] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3371] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 3378 attached => {parent_tid=[3378]}, 88) = 3378 [pid 3378] set_robust_list(0x7f0aecccf9a0, 24 [pid 3371] rt_sigprocmask(SIG_SETMASK, [], [pid 3378] <... set_robust_list resumed>) = 0 [pid 3371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3378] rt_sigprocmask(SIG_SETMASK, [], [pid 3371] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3371] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3378] memfd_create("syzkaller", 0) = 3 [pid 3378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3377] <... write resumed>) = 524288 [pid 3377] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3377] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3378] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3378] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3370] <... openat resumed>) = 4 [pid 3368] <... openat resumed>) = 4 [pid 3370] ioctl(4, LOOP_SET_FD, 3 [pid 3368] ioctl(4, LOOP_CLR_FD [pid 3370] <... ioctl resumed>) = 0 [pid 3368] <... ioctl resumed>) = 0 [pid 3368] close(4) = 0 [pid 3368] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [pid 3368] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3366] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3366] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... openat resumed>) = 4 [pid 3378] <... openat resumed>) = 4 [pid 3378] ioctl(4, LOOP_SET_FD, 3 [pid 3377] ioctl(4, LOOP_SET_FD, 3 [pid 3370] close(3 [pid 3368] <... openat resumed>) = 4 [pid 3368] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3366] <... futex resumed>) = 0 [pid 3368] write(4, "#! \n", 4 [pid 3366] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] <... write resumed>) = 4 [pid 3366] <... futex resumed>) = 0 [pid 3368] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3366] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] <... futex resumed>) = 0 [pid 3366] <... futex resumed>) = 0 [pid 3368] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3366] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3381]}, 88) = 3381 [pid 3366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3366] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3366] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3370] <... close resumed>) = 0 [pid 3370] close(4./strace-static-x86_64: Process 3381 attached [pid 3378] <... ioctl resumed>) = 0 [pid 3370] <... close resumed>) = 0 [pid 3370] mkdir("./file2", 0777) = 0 [pid 3370] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3378] close(3) = 0 [pid 3381] set_robust_list(0x7f0aeccae9a0, 24 [pid 3378] close(4 [pid 3370] <... mount resumed>) = 0 [pid 3370] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3370] chdir("./file2") = 0 [pid 3370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3381] <... set_robust_list resumed>) = 0 [pid 3381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3381] write(4, "#! \n", 4) = 4 [pid 3381] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3366] <... futex resumed>) = 0 [pid 3366] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... mount resumed>) = 0 [pid 3368] <... futex resumed>) = 0 [pid 3366] <... futex resumed>) = 1 [pid 3369] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3368] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3366] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3368] <... mmap resumed>) = 0x200000000000 [pid 3369] <... openat resumed>) = 3 [pid 3368] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3369] chdir("./file2" [pid 3366] <... futex resumed>) = 0 [pid 3369] <... chdir resumed>) = 0 [pid 3368] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3369] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3366] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3368] <... futex resumed>) = 0 [pid 3366] <... futex resumed>) = 1 [pid 3381] <... futex resumed>) = 1 [pid 3366] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3381] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3377] <... ioctl resumed>) = 0 [pid 3377] close(3) = 0 [pid 3377] close(4 [pid 3368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3381] <... futex resumed>) = ? [pid 3366] <... futex resumed>) = ? [pid 3381] +++ killed by SIGBUS +++ [pid 3368] +++ killed by SIGBUS +++ [pid 3366] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3366, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3378] <... close resumed>) = 0 [pid 3377] <... close resumed>) = 0 [pid 3370] <... openat resumed>) = 4 [pid 3377] mkdir("./file2", 0777) = 0 [pid 3377] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3378] mkdir("./file2", 0777) = 0 [pid 3378] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3370] ioctl(4, LOOP_CLR_FD [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 72.113690][ T3368] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3369] <... openat resumed>) = 4 [pid 3369] ioctl(4, LOOP_CLR_FD) = 0 [pid 3369] close(4) = 0 [pid 3369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3365] <... futex resumed>) = 0 [pid 3369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3365] <... futex resumed>) = 0 [pid 3369] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3365] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] <... openat resumed>) = 4 [pid 3369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3365] <... futex resumed>) = 0 [pid 3369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3365] <... futex resumed>) = 0 [pid 3369] write(4, "#! \n", 4 [pid 3365] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... write resumed>) = 4 [pid 3365] <... futex resumed>) = 0 [pid 3369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3369] <... futex resumed>) = 0 [pid 3365] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3387]}, 88) = 3387 [pid 3365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3365] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3365] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3387 attached [pid 3387] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3387] write(4, "#! \n", 4) = 4 [pid 3387] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3365] <... futex resumed>) = 0 [pid 3365] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... futex resumed>) = 0 [pid 3365] <... futex resumed>) = 1 [pid 3369] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3365] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3369] <... mmap resumed>) = 0x200000000000 [pid 3369] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3365] <... futex resumed>) = 0 [pid 3369] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3365] <... futex resumed>) = 0 [pid 3387] <... futex resumed>) = 1 [pid 3370] <... ioctl resumed>) = 0 [pid 3370] close(4 [pid 3387] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3365] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3378] <... mount resumed>) = 0 [pid 3378] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3378] chdir("./file2") = 0 [pid 3378] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3387] <... futex resumed>) = ? [pid 3365] <... futex resumed>) = ? [pid 3387] +++ killed by SIGBUS +++ [pid 3369] +++ killed by SIGBUS +++ [pid 3365] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 3370] <... close resumed>) = 0 [pid 3370] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3367] <... futex resumed>) = 0 [pid 289] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3370] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3370] <... openat resumed>) = 4 [pid 3367] <... futex resumed>) = 0 [pid 3370] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3370] <... futex resumed>) = 0 [pid 3367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 289] newfstatat(AT_FDCWD, "./99/file2", [pid 3370] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3367] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3370] write(4, "#! \n", 4 [pid 3367] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3370] <... write resumed>) = 4 [pid 3367] <... futex resumed>) = 0 [pid 3370] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3370] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3370] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3367] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... openat resumed>) = 4 [pid 3367] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] newfstatat(4, "", [pid 3367] <... mprotect resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] getdents64(4, [pid 3367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 3390 attached [pid 289] getdents64(4, [pid 3367] <... clone3 resumed> => {parent_tid=[3390]}, 88) = 3390 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3367] rt_sigprocmask(SIG_SETMASK, [], [pid 289] close(4 [pid 3367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] <... close resumed>) = 0 [pid 3367] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] rmdir("./99/file2" [pid 3367] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3390] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3390] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... rmdir resumed>) = 0 [pid 3390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3390] write(4, "#! \n", 4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3390] <... write resumed>) = 4 [pid 289] newfstatat(AT_FDCWD, "./99/binderfs", [pid 3390] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3390] <... futex resumed>) = 1 [pid 3367] <... futex resumed>) = 0 [pid 289] unlink("./99/binderfs" [pid 3367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3390] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3370] <... futex resumed>) = 0 [pid 3367] <... futex resumed>) = 1 [pid 289] <... unlink resumed>) = 0 [pid 3370] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] getdents64(3, [pid 3370] <... mmap resumed>) = 0x200000000000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3370] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3367] <... futex resumed>) = 0 [pid 289] close(3 [ 72.191423][ T3369] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3370] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3367] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3370] <... futex resumed>) = 0 [pid 3367] <... futex resumed>) = 1 [pid 3377] <... mount resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3377] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] rmdir("./99" [pid 3377] <... openat resumed>) = 3 [pid 289] <... rmdir resumed>) = 0 [pid 3377] chdir("./file2" [pid 289] mkdir("./100", 0777 [pid 3377] <... chdir resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 3377] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3367] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3390] <... futex resumed>) = ? [pid 3367] <... futex resumed>) = ? [pid 3390] +++ killed by SIGBUS +++ [pid 3370] +++ killed by SIGBUS +++ [pid 3367] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 72.239192][ T3370] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 3378] <... openat resumed>) = 4 [pid 3378] ioctl(4, LOOP_CLR_FD) = 0 [pid 3378] close(4) = 0 [pid 3378] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] <... futex resumed>) = 0 [pid 3378] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3371] <... futex resumed>) = 0 [pid 3378] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3371] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3378] <... openat resumed>) = 4 [pid 3378] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] <... futex resumed>) = 0 [pid 3378] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3371] <... futex resumed>) = 0 [pid 3378] write(4, "#! \n", 4 [pid 3371] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3378] <... write resumed>) = 4 [pid 3371] <... futex resumed>) = 0 [pid 3378] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3378] <... futex resumed>) = 0 [pid 3371] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3378] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3393]}, 88) = 3393 [pid 3371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3371] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3371] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3393 attached [pid 3393] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3393] write(4, "#! \n", 4) = 4 [pid 289] <... openat resumed>) = 3 [pid 3393] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3371] <... futex resumed>) = 0 [pid 3371] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3378] <... futex resumed>) = 0 [pid 3371] <... futex resumed>) = 1 [pid 3378] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3371] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3378] <... mmap resumed>) = 0x200000000000 [pid 3378] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3371] <... futex resumed>) = 0 [pid 3378] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3371] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3371] <... futex resumed>) = 0 [pid 3377] <... openat resumed>) = 4 [pid 3371] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 3377] ioctl(4, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3377] <... ioctl resumed>) = 0 [pid 290] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] close(3 [pid 3377] close(4 [pid 289] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3377] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./103/file2", [pid 3393] <... futex resumed>) = 1 [pid 3393] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3378] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3393] <... futex resumed>) = ? [pid 3371] <... futex resumed>) = ? [pid 3377] <... futex resumed>) = 1 [pid 3372] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3377] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3372] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3395 [pid 3377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3372] <... futex resumed>) = 0 [pid 290] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3377] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3372] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3393] +++ killed by SIGBUS +++ [pid 3377] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3377] <... futex resumed>) = 1 [pid 3372] <... futex resumed>) = 0 [pid 3377] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3372] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 4 [pid 3377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3372] <... futex resumed>) = 0 [pid 290] newfstatat(4, "", [pid 3377] write(4, "#! \n", 4 [pid 3372] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3377] <... write resumed>) = 4 [pid 3372] <... futex resumed>) = 0 [pid 3377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] getdents64(4, [pid 3377] <... futex resumed>) = 0 [pid 3372] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3372] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3377] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] getdents64(4, [pid 3372] <... mprotect resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3372] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] close(4 [pid 3372] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... close resumed>) = 0 [pid 3372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] rmdir("./103/file2" [pid 3372] <... clone3 resumed> => {parent_tid=[3396]}, 88) = 3396 [pid 290] <... rmdir resumed>) = 0 [pid 3372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3372] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3372] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./103/binderfs" [pid 3378] +++ killed by SIGBUS +++ [pid 3371] +++ killed by SIGBUS +++ [pid 290] <... unlink resumed>) = 0 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 290] getdents64(3, [pid 288] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3395 attached [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3395] set_robust_list(0x555594a056a0, 24) = 0 [pid 3395] chdir("./100") = 0 [pid 3395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3395] setpgid(0, 0) = 0 [pid 3395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3395] write(3, "1000", 4) = 4 [pid 3395] close(3) = 0 [pid 3395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3395] write(1, "executing program\n", 18) = 18 [pid 3395] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3395] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3397]}, 88) = 3397 [pid 3395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3397 attached [pid 3397] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3397] memfd_create("syzkaller", 0) = 3 [pid 3397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 290] close(3) = 0 [pid 290] rmdir("./103") = 0 [pid 3397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 290] mkdir("./104", 0777 [pid 3397] <... write resumed>) = 524288 [pid 3397] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3397] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... restart_syscall resumed>) = 0 [pid 3397] <... openat resumed>) = 4 [pid 3397] ioctl(4, LOOP_SET_FD, 3 [pid 288] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", [pid 290] <... mkdir resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3396 attached [pid 3396] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3396] write(4, "#! \n", 4 [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 3396] <... write resumed>) = 4 [pid 3396] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3397] <... ioctl resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3372] <... futex resumed>) = 0 [pid 3372] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3377] <... futex resumed>) = 0 [pid 3372] <... futex resumed>) = 1 [pid 3377] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3372] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] <... mmap resumed>) = 0x200000000000 [pid 3377] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3372] <... futex resumed>) = 0 [pid 3397] close(3 [pid 3396] <... futex resumed>) = 1 [pid 3372] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] close(3 [pid 3397] <... close resumed>) = 0 [pid 3397] close(4 [pid 3396] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3372] <... futex resumed>) = 0 [pid 3372] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3396] <... futex resumed>) = ? [pid 3372] <... futex resumed>) = ? [pid 3396] +++ killed by SIGBUS +++ [pid 3377] +++ killed by SIGBUS +++ [pid 3372] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3372, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... close resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3399 ./strace-static-x86_64: Process 3399 attached [pid 3399] set_robust_list(0x555594a056a0, 24) = 0 [pid 3399] chdir("./104") = 0 [pid 3399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3399] setpgid(0, 0) = 0 [pid 3399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3399] write(3, "1000", 4) = 4 [pid 3399] close(3) = 0 [pid 3399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3399] write(1, "executing program\n", 18executing program ) = 18 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3399] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3399] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 3400 attached => {parent_tid=[3400]}, 88) = 3400 [pid 3400] set_robust_list(0x7f0aecccf9a0, 24 [pid 3399] rt_sigprocmask(SIG_SETMASK, [], [pid 3400] <... set_robust_list resumed>) = 0 [pid 3400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3400] <... futex resumed>) = 0 [pid 3400] memfd_create("syzkaller", 0 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3400] <... memfd_create resumed>) = 3 [pid 3400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3400] munmap(0x7f0ae48af000, 138412032) = 0 [ 72.291383][ T3378] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 72.322093][ T3377] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3400] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./99/file2") = 0 [pid 288] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./99/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./99") = 0 [pid 288] mkdir("./100", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3397] <... close resumed>) = 0 [pid 3397] mkdir("./file2", 0777) = 0 [pid 3397] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3400] <... openat resumed>) = 4 [pid 3400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3400] close(3) = 0 [pid 3400] close(4 [pid 3397] <... mount resumed>) = 0 [pid 3397] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3397] chdir("./file2") = 0 [pid 3397] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3400] <... close resumed>) = 0 [pid 3400] mkdir("./file2", 0777) = 0 [pid 3400] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 287] <... umount2 resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 3397] <... openat resumed>) = 4 [pid 291] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3397] ioctl(4, LOOP_CLR_FD) = 0 [pid 3397] close(4) = 0 [pid 3397] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3395] <... futex resumed>) = 0 [pid 3397] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./100/file2", [pid 288] <... openat resumed>) = 3 [pid 287] newfstatat(AT_FDCWD, "./106/file2", [pid 3397] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3395] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3397] <... openat resumed>) = 4 [pid 287] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3397] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3397] <... futex resumed>) = 1 [pid 3395] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3397] write(4, "#! \n", 4 [pid 3395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3395] <... futex resumed>) = 0 [pid 3397] <... write resumed>) = 4 [pid 3395] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3397] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... openat resumed>) = 4 [pid 3395] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3397] <... futex resumed>) = 0 [pid 3395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3397] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3395] <... mmap resumed>) = 0x7f0aecc8e000 [pid 287] newfstatat(4, "", [pid 3395] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] <... openat resumed>) = 4 [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3395] <... mprotect resumed>) = 0 [pid 291] newfstatat(4, "", [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] getdents64(4, [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3395] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] close(3 [pid 3400] <... mount resumed>) = 0 [pid 3395] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] getdents64(4, [pid 288] <... close resumed>) = 0 [pid 287] getdents64(4, [pid 3400] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3400] chdir("./file2") = 0 [pid 3400] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3400] ioctl(4, LOOP_CLR_FD) = 0 [pid 3395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3400] close(4) = 0 [pid 3400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] getdents64(4, [pid 287] close(4 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3395] <... clone3 resumed> => {parent_tid=[3406]}, 88) = 3406 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... close resumed>) = 0 [pid 3395] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(4 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3407 [pid 287] rmdir("./106/file2" [pid 3395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 3395] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./100/file2" [pid 287] <... rmdir resumed>) = 0 [pid 3395] <... futex resumed>) = 0 [pid 3395] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... rmdir resumed>) = 0 [pid 287] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./100/binderfs", [pid 287] newfstatat(AT_FDCWD, "./106/binderfs", [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./100/binderfs" [pid 287] unlink("./106/binderfs" [pid 291] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 291] getdents64(3, [pid 287] getdents64(3, [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3399] <... futex resumed>) = 0 [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... futex resumed>) = 0 [pid 3400] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... futex resumed>) = 1 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... futex resumed>) = 0 [pid 3400] write(4, "#! \n", 4) = 4 [pid 291] close(3 [pid 287] close(3 [pid 3400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 291] rmdir("./100" [pid 287] rmdir("./106" [pid 3400] <... futex resumed>) = 0 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... futex resumed>) = 1 [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 3400] write(4, "#! \n", 4) = 4 [pid 3400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 291] mkdir("./101", 0777 [pid 287] mkdir("./107", 0777 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... futex resumed>) = 1 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3400] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 3400] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3400] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3400] <... futex resumed>) = 0 [pid 3400] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3399] <... futex resumed>) = 1 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] ioctl(3, LOOP_CLR_FD [pid 287] <... openat resumed>) = 3 [pid 3399] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] ioctl(3, LOOP_CLR_FD [pid 3400] <... futex resumed>) = 0 [pid 3399] <... futex resumed>) = 1 [pid 291] close(3 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 3407 attached ./strace-static-x86_64: Process 3406 attached [pid 291] <... close resumed>) = 0 [pid 287] close(3 [pid 3406] set_robust_list(0x7f0aeccae9a0, 24 [pid 3399] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 3407] set_robust_list(0x555594a056a0, 24) = 0 [pid 3407] chdir("./100") = 0 [pid 3407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3407] setpgid(0, 0) = 0 [pid 3407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3407] <... openat resumed>) = 3 [pid 3407] write(3, "1000", 4) = 4 [pid 3407] close(3) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3408 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3409 [pid 3407] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3406] <... set_robust_list resumed>) = 0 [pid 3407] write(1, "executing program\n", 18 [pid 3406] rt_sigprocmask(SIG_SETMASK, [], [pid 3407] <... write resumed>) = 18 [pid 3407] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3407] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3407] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3407] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3407] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3406] write(4, "#! \n", 4 [pid 3407] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3410]}, 88) = 3410 [pid 3407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3408 attached [pid 3408] set_robust_list(0x555594a056a0, 24 [pid 3406] <... write resumed>) = 4 [pid 3408] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 3409 attached [pid 3408] chdir("./101" [pid 3406] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] set_robust_list(0x555594a056a0, 24) = 0 [pid 3409] chdir("./107" [pid 3406] <... futex resumed>) = 1 [pid 3395] <... futex resumed>) = 0 [pid 3408] <... chdir resumed>) = 0 [pid 3395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3408] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3397] <... futex resumed>) = 0 [pid 3395] <... futex resumed>) = 1 [pid 3397] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3406] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3397] <... mmap resumed>) = 0x200000000000 [pid 3408] <... prctl resumed>) = 0 [pid 3397] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... chdir resumed>) = 0 [pid 3397] <... futex resumed>) = 1 [pid 3395] <... futex resumed>) = 0 [pid 3408] setpgid(0, 0 [pid 3397] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program executing program [pid 3395] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3395] <... futex resumed>) = 0 [pid 3408] <... setpgid resumed>) = 0 [pid 3409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3409] setpgid(0, 0) = 0 [pid 3409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3408] <... openat resumed>) = 3 [pid 3409] <... openat resumed>) = 3 [pid 3408] write(3, "1000", 4 [pid 3409] write(3, "1000", 4 [pid 3408] <... write resumed>) = 4 [pid 3409] <... write resumed>) = 4 [pid 3408] close(3 [pid 3409] close(3 [pid 3408] <... close resumed>) = 0 [pid 3409] <... close resumed>) = 0 [pid 3408] symlink("/dev/binderfs", "./binderfs" [pid 3409] symlink("/dev/binderfs", "./binderfs" [pid 3408] <... symlink resumed>) = 0 [pid 3409] <... symlink resumed>) = 0 [pid 3409] write(1, "executing program\n", 18 [pid 3408] write(1, "executing program\n", 18 [pid 3409] <... write resumed>) = 18 [pid 3408] <... write resumed>) = 18 [pid 3409] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3408] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3408] <... futex resumed>) = 0 [pid 3409] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3408] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3409] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3408] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3409] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3408] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3409] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3408] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3409] <... mprotect resumed>) = 0 [pid 3408] <... mprotect resumed>) = 0 [pid 3409] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3408] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3409] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3408] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3409] <... clone3 resumed> => {parent_tid=[3412]}, 88) = 3412 [pid 3408] <... clone3 resumed> => {parent_tid=[3411]}, 88) = 3411 ./strace-static-x86_64: Process 3410 attached [pid 3409] rt_sigprocmask(SIG_SETMASK, [], [pid 3408] rt_sigprocmask(SIG_SETMASK, [], [pid 3410] set_robust_list(0x7f0aecccf9a0, 24 [pid 3409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3410] <... set_robust_list resumed>) = 0 [pid 3409] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3408] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3410] rt_sigprocmask(SIG_SETMASK, [], [pid 3409] <... futex resumed>) = 0 [pid 3408] <... futex resumed>) = 0 [pid 3410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3409] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3408] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3410] memfd_create("syzkaller", 0) = 3 [pid 3410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3412 attached [pid 3412] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3412] memfd_create("syzkaller", 0) = 3 [pid 3412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3410] <... write resumed>) = 524288 ./strace-static-x86_64: Process 3411 attached [pid 3411] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3411] memfd_create("syzkaller", 0) = 3 [pid 3411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3410] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3410] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3410] ioctl(4, LOOP_SET_FD, 3 [pid 3412] <... write resumed>) = 524288 [pid 3395] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3411] <... write resumed>) = 524288 [pid 3412] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3412] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3411] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3411] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3406] <... futex resumed>) = ? [pid 3395] <... futex resumed>) = ? [pid 3410] <... ioctl resumed>) = 0 [pid 3399] <... futex resumed>) = ? [pid 3406] +++ killed by SIGBUS +++ [pid 3412] <... openat resumed>) = 4 [pid 3410] close(3 [pid 3397] +++ killed by SIGBUS +++ [pid 3395] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3412] ioctl(4, LOOP_SET_FD, 3 [pid 3410] <... close resumed>) = 0 [pid 3411] <... openat resumed>) = 4 [pid 3411] ioctl(4, LOOP_SET_FD, 3 [pid 3410] close(4 [pid 3412] <... ioctl resumed>) = 0 [pid 3412] close(3) = 0 [pid 3412] close(4 [pid 3400] +++ killed by SIGBUS +++ [pid 3399] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3412] <... close resumed>) = 0 [pid 3410] <... close resumed>) = 0 [pid 3410] mkdir("./file2", 0777) = 0 [pid 3410] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3412] mkdir("./file2", 0777) = 0 [pid 3412] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3411] <... ioctl resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 3411] close(3) = 0 [pid 3411] close(4 [pid 290] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 290] newfstatat(3, "", [pid 289] newfstatat(3, "", [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, [pid 289] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3411] <... close resumed>) = 0 [pid 3411] mkdir("./file2", 0777) = 0 [ 72.583171][ T3400] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 72.605570][ T3397] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3411] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3412] <... mount resumed>) = 0 [pid 3410] <... mount resumed>) = 0 [pid 3410] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3410] chdir("./file2") = 0 [pid 3410] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3412] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3412] chdir("./file2") = 0 [pid 3412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3410] <... openat resumed>) = 4 [pid 3410] ioctl(4, LOOP_CLR_FD) = 0 [pid 3410] close(4) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3410] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3407] <... futex resumed>) = 0 [pid 3410] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3407] <... futex resumed>) = 0 [pid 3410] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 3412] ioctl(4, LOOP_CLR_FD) = 0 [pid 3412] close(4) = 0 [pid 3412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3409] <... futex resumed>) = 0 [pid 3412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3409] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3409] <... futex resumed>) = 0 [pid 3412] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3409] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3412] <... openat resumed>) = 4 [pid 3410] <... openat resumed>) = 4 [pid 290] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3409] <... futex resumed>) = 0 [pid 3412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3409] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3410] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3412] write(4, "#! \n", 4 [pid 3410] <... futex resumed>) = 1 [pid 3409] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3407] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./104/file2", [pid 289] newfstatat(AT_FDCWD, "./100/file2", [pid 3412] <... write resumed>) = 4 [pid 3410] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3409] <... futex resumed>) = 0 [pid 3407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3407] <... futex resumed>) = 0 [pid 3412] <... futex resumed>) = 0 [pid 3410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3409] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3407] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3410] write(4, "#! \n", 4 [pid 3409] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3407] <... futex resumed>) = 0 [pid 290] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3410] <... write resumed>) = 4 [pid 3409] <... mprotect resumed>) = 0 [pid 3407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3410] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3407] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3410] <... futex resumed>) = 0 [pid 3409] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3407] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... openat resumed>) = 4 [pid 3410] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3407] <... mprotect resumed>) = 0 [pid 290] newfstatat(4, "", [pid 289] <... openat resumed>) = 4 [pid 3407] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] newfstatat(4, "", [pid 3409] <... clone3 resumed> => {parent_tid=[3420]}, 88) = 3420 [pid 3407] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] getdents64(4, [pid 3409] rt_sigprocmask(SIG_SETMASK, [], [pid 3407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3409] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 3409] <... futex resumed>) = 0 [pid 3407] <... clone3 resumed> => {parent_tid=[3421]}, 88) = 3421 [pid 290] getdents64(4, [pid 3409] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3407] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 3421 attached [pid 3407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] close(4 [pid 289] getdents64(4, [pid 3407] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 3420 attached [pid 3420] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3420] write(4, "#! \n", 4) = 4 [pid 3420] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3409] <... futex resumed>) = 0 [pid 3409] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3412] <... futex resumed>) = 0 [pid 3409] <... futex resumed>) = 1 [pid 3412] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3409] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3412] <... mmap resumed>) = 0x200000000000 [pid 3407] <... futex resumed>) = 0 [pid 290] rmdir("./104/file2" [pid 289] close(4 [pid 3412] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3411] <... mount resumed>) = 0 [pid 3409] <... futex resumed>) = 0 [pid 3407] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... close resumed>) = 0 [pid 3421] set_robust_list(0x7f0aeccae9a0, 24 [pid 3420] <... futex resumed>) = 1 [pid 3412] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3411] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3409] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 289] rmdir("./100/file2" [pid 3421] <... set_robust_list resumed>) = 0 [pid 3412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3411] <... openat resumed>) = 3 [pid 3409] <... futex resumed>) = 0 [pid 290] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3421] rt_sigprocmask(SIG_SETMASK, [], [pid 3420] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3411] chdir("./file2" [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... rmdir resumed>) = 0 [pid 3421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3411] <... chdir resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./104/binderfs", [pid 289] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3421] write(4, "#! \n", 4 [pid 3411] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3421] <... write resumed>) = 4 [pid 3411] <... openat resumed>) = 4 [pid 290] unlink("./104/binderfs" [pid 289] newfstatat(AT_FDCWD, "./100/binderfs", [pid 3421] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] ioctl(4, LOOP_CLR_FD [pid 290] <... unlink resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3421] <... futex resumed>) = 1 [pid 3411] <... ioctl resumed>) = 0 [pid 3407] <... futex resumed>) = 0 [pid 290] getdents64(3, [pid 289] unlink("./100/binderfs" [pid 3421] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3411] close(4 [pid 3407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] <... unlink resumed>) = 0 [pid 3411] <... close resumed>) = 0 [pid 3410] <... futex resumed>) = 0 [pid 3407] <... futex resumed>) = 1 [pid 290] close(3 [pid 289] getdents64(3, [pid 3411] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3410] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3411] <... futex resumed>) = 1 [pid 3410] <... mmap resumed>) = 0x200000000000 [pid 290] rmdir("./104" [pid 289] close(3 [pid 3411] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3410] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3410] <... futex resumed>) = 1 [pid 3407] <... futex resumed>) = 0 [pid 290] mkdir("./105", 0777 [pid 289] rmdir("./100" [pid 3410] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3407] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... mkdir resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 3410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3407] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] mkdir("./101", 0777 [pid 3412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3409] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3408] <... futex resumed>) = 0 [pid 3420] <... futex resumed>) = ? [pid 3409] <... futex resumed>) = ? [pid 3408] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3420] +++ killed by SIGBUS +++ [pid 3411] <... futex resumed>) = 0 [pid 3408] <... futex resumed>) = 1 [pid 3412] +++ killed by SIGBUS +++ [pid 3411] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3409] +++ killed by SIGBUS +++ [pid 3408] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3411] <... openat resumed>) = 4 [pid 3411] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3408] <... futex resumed>) = 0 [pid 3411] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3408] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3408] <... futex resumed>) = 0 [pid 3411] write(4, "#! \n", 4 [pid 3408] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] <... write resumed>) = 4 [pid 3408] <... futex resumed>) = 0 [pid 3411] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3411] <... futex resumed>) = 0 [pid 3408] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3411] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3408] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3424]}, 88) = 3424 [pid 3408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3408] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3408] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3424 attached [pid 3424] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3424] write(4, "#! \n", 4) = 4 [pid 3424] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3408] <... futex resumed>) = 0 [pid 3408] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] <... futex resumed>) = 0 [pid 3408] <... futex resumed>) = 1 [pid 3411] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3408] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3411] <... mmap resumed>) = 0x200000000000 [pid 3411] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3408] <... futex resumed>) = 0 [pid 3411] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3408] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3408] <... futex resumed>) = 0 [pid 3424] <... futex resumed>) = 1 [pid 3410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3407] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... openat resumed>) = 3 [pid 289] <... mkdir resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... openat resumed>) = 3 [pid 290] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] <... close resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] close(3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... close resumed>) = 0 [pid 287] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3425 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3426 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3424] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3421] <... futex resumed>) = ? [pid 3407] <... futex resumed>) = ? [pid 3421] +++ killed by SIGBUS +++ [pid 3410] +++ killed by SIGBUS +++ [pid 3407] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 3426 attached ./strace-static-x86_64: Process 3425 attached [pid 3411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3408] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... openat resumed>) = 3 [pid 3426] set_robust_list(0x555594a056a0, 24) = 0 [pid 3425] set_robust_list(0x555594a056a0, 24 [pid 288] newfstatat(3, "", [pid 3426] chdir("./101" [pid 3425] <... set_robust_list resumed>) = 0 [pid 3424] <... futex resumed>) = ? [pid 3408] <... futex resumed>) = ? [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3425] chdir("./105" [pid 288] getdents64(3, [pid 3425] <... chdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3426] <... chdir resumed>) = 0 [pid 3425] <... prctl resumed>) = 0 [pid 3425] setpgid(0, 0) = 0 [pid 3426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3426] <... prctl resumed>) = 0 [pid 3425] <... openat resumed>) = 3 [pid 3426] setpgid(0, 0 [pid 3425] write(3, "1000", 4 [pid 3426] <... setpgid resumed>) = 0 [pid 3425] <... write resumed>) = 4 [pid 3425] close(3 [pid 3424] +++ killed by SIGBUS +++ [pid 3426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3425] <... close resumed>) = 0 [pid 3425] symlink("/dev/binderfs", "./binderfs" [pid 3426] <... openat resumed>) = 3 [pid 3425] <... symlink resumed>) = 0 [pid 3426] write(3, "1000", 4) = 4 [pid 3425] write(1, "executing program\n", 18executing program [pid 3426] close(3 [pid 3425] <... write resumed>) = 18 [pid 3411] +++ killed by SIGBUS +++ [pid 3408] +++ killed by SIGBUS +++ [pid 3425] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3425] <... futex resumed>) = 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3425] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3425] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3426] <... close resumed>) = 0 [pid 3425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3426] symlink("/dev/binderfs", "./binderfs" [pid 3425] <... clone3 resumed> => {parent_tid=[3427]}, 88) = 3427 [pid 3425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3425] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] <... symlink resumed>) = 0 [pid 3425] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 3426] write(1, "executing program\n", 18./strace-static-x86_64: Process 3427 attached ) = 18 [pid 3427] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3427] rt_sigprocmask(SIG_SETMASK, [], [pid 3426] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3426] <... futex resumed>) = 0 [pid 3426] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3427] memfd_create("syzkaller", 0 [pid 3426] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3427] <... memfd_create resumed>) = 3 [pid 3427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3426] <... mprotect resumed>) = 0 [pid 3427] <... mmap resumed>) = 0x7f0ae48af000 [pid 3426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] <... restart_syscall resumed>) = 0 [pid 3426] <... clone3 resumed> => {parent_tid=[3428]}, 88) = 3428 [pid 3426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3426] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3426] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3426] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3428 attached [pid 3428] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3428] memfd_create("syzkaller", 0) = 3 [pid 3428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3428] <... write resumed>) = 524288 [pid 3428] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3428] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3427] <... write resumed>) = 524288 [pid 3427] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3427] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./107/file2") = 0 [pid 287] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./107/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./107") = 0 [pid 287] mkdir("./108", 0777) = 0 [ 72.793774][ T3412] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 72.806272][ T3410] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 72.817407][ T3411] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3428] <... openat resumed>) = 4 [pid 3427] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 288] <... umount2 resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3429 [pid 3428] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... umount2 resumed>) = 0 [pid 3427] ioctl(4, LOOP_SET_FD, 3 [pid 288] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3429 attached ) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./101/file2", [pid 288] newfstatat(AT_FDCWD, "./100/file2", [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 3429] set_robust_list(0x555594a056a0, 24 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 291] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 291] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 291] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 288] close(4 [pid 291] rmdir("./101/file2" [pid 288] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 288] rmdir("./100/file2" [pid 291] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./101/binderfs", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./100/binderfs", [pid 291] unlink("./101/binderfs" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3428] <... ioctl resumed>) = 0 [pid 291] <... unlink resumed>) = 0 [pid 288] unlink("./100/binderfs" [pid 3428] close(3 [pid 291] getdents64(3, [pid 288] <... unlink resumed>) = 0 [pid 3429] <... set_robust_list resumed>) = 0 [pid 3428] <... close resumed>) = 0 [pid 3427] <... ioctl resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] getdents64(3, [pid 3428] close(4 [pid 3427] close(3 [pid 291] close(3 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] <... close resumed>) = 0 [pid 288] close(3 [pid 291] rmdir("./101" [pid 288] <... close resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 288] rmdir("./100" [pid 291] mkdir("./102", 0777 [pid 288] <... rmdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 288] mkdir("./101", 0777 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... mkdir resumed>) = 0 [pid 3429] chdir("./108" [pid 3427] <... close resumed>) = 0 [pid 3429] <... chdir resumed>) = 0 [pid 3427] close(4 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3429] setpgid(0, 0) = 0 [pid 3429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3429] write(3, "1000", 4) = 4 [pid 3429] close(3) = 0 [pid 3429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3429] write(1, "executing program\n", 18executing program ) = 18 [pid 3429] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3429] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3429] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 3432 attached => {parent_tid=[3432]}, 88) = 3432 [pid 3432] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3432] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3429] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3432] <... futex resumed>) = 0 [pid 3432] memfd_create("syzkaller", 0 [pid 3429] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3432] <... memfd_create resumed>) = 3 [pid 3432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3432] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3428] <... close resumed>) = 0 [pid 3427] <... close resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 3428] mkdir("./file2", 0777) = 0 [pid 3428] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3427] mkdir("./file2", 0777) = 0 [pid 3427] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 288] close(3 [pid 291] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3433 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3434 [pid 3432] <... openat resumed>) = 4 [pid 3432] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3434 attached [pid 3434] set_robust_list(0x555594a056a0, 24) = 0 [pid 3434] chdir("./101" [pid 3432] <... ioctl resumed>) = 0 [pid 3432] close(3) = 0 [pid 3432] close(4 [pid 3434] <... chdir resumed>) = 0 [pid 3434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 3433 attached [pid 3434] setpgid(0, 0 [pid 3433] set_robust_list(0x555594a056a0, 24 [pid 3434] <... setpgid resumed>) = 0 [pid 3433] <... set_robust_list resumed>) = 0 [pid 3434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3433] chdir("./102" [pid 3434] <... openat resumed>) = 3 [pid 3433] <... chdir resumed>) = 0 [pid 3434] write(3, "1000", 4 [pid 3433] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3434] <... write resumed>) = 4 [pid 3433] <... prctl resumed>) = 0 [pid 3434] close(3 [pid 3433] setpgid(0, 0 [pid 3434] <... close resumed>) = 0 [pid 3433] <... setpgid resumed>) = 0 [pid 3434] symlink("/dev/binderfs", "./binderfs" [pid 3433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3434] <... symlink resumed>) = 0 [pid 3434] write(1, "executing program\n", 18 [pid 3433] <... openat resumed>) = 3 executing program [pid 3434] <... write resumed>) = 18 [pid 3433] write(3, "1000", 4 [pid 3434] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3433] <... write resumed>) = 4 [pid 3433] close(3 [pid 3434] <... futex resumed>) = 0 [pid 3434] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3433] <... close resumed>) = 0 [pid 3434] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3433] symlink("/dev/binderfs", "./binderfs" [pid 3434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3433] <... symlink resumed>) = 0 [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 3433] write(1, "executing program\n", 18 [pid 3434] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3433] <... write resumed>) = 18 [pid 3434] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3433] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3433] <... futex resumed>) = 0 [pid 3434] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3433] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3433] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 3440 attached NULL, 8) = 0 [pid 3433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3440] set_robust_list(0x7f0aecccf9a0, 24 [pid 3433] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3434] <... clone3 resumed> => {parent_tid=[3440]}, 88) = 3440 [pid 3433] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3440] <... set_robust_list resumed>) = 0 [pid 3434] rt_sigprocmask(SIG_SETMASK, [], [pid 3433] <... mprotect resumed>) = 0 [pid 3434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3440] rt_sigprocmask(SIG_SETMASK, [], [pid 3433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3434] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] memfd_create("syzkaller", 0) = 3 [pid 3440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3428] <... mount resumed>) = 0 [pid 3433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3434] <... futex resumed>) = 0 [pid 3427] <... mount resumed>) = 0 [pid 3434] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3433] <... clone3 resumed> => {parent_tid=[3441]}, 88) = 3441 [pid 3433] rt_sigprocmask(SIG_SETMASK, [], [pid 3428] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3427] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3427] <... openat resumed>) = 3 [pid 3433] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3428] <... openat resumed>) = 3 [pid 3427] chdir("./file2" [pid 3433] <... futex resumed>) = 0 [pid 3428] chdir("./file2" [pid 3427] <... chdir resumed>) = 0 [pid 3433] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3428] <... chdir resumed>) = 0 [pid 3427] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3428] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 3441 attached [pid 3440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3441] set_robust_list(0x7f0aecccf9a0, 24 [pid 3440] <... write resumed>) = 524288 [pid 3441] <... set_robust_list resumed>) = 0 [pid 3440] munmap(0x7f0ae48af000, 138412032 [pid 3441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3441] memfd_create("syzkaller", 0) = 3 [pid 3440] <... munmap resumed>) = 0 [pid 3441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3440] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3441] <... mmap resumed>) = 0x7f0ae48af000 [pid 3441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3441] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3441] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3432] <... close resumed>) = 0 [pid 3441] <... openat resumed>) = 4 [pid 3432] mkdir("./file2", 0777 [pid 3428] <... openat resumed>) = 4 [pid 3427] <... openat resumed>) = 4 [pid 3441] ioctl(4, LOOP_SET_FD, 3 [pid 3432] <... mkdir resumed>) = 0 [pid 3428] ioctl(4, LOOP_CLR_FD [pid 3427] ioctl(4, LOOP_CLR_FD [pid 3432] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3441] <... ioctl resumed>) = 0 [pid 3441] close(3) = 0 [pid 3441] close(4) = 0 [pid 3428] <... ioctl resumed>) = 0 [pid 3427] <... ioctl resumed>) = 0 [pid 3428] close(4 [pid 3427] close(4 [pid 3428] <... close resumed>) = 0 [pid 3441] mkdir("./file2", 0777) = 0 [pid 3441] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3440] <... openat resumed>) = 4 [pid 3440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3440] close(3) = 0 [pid 3440] close(4 [pid 3428] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3426] <... futex resumed>) = 0 [pid 3426] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3428] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3428] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3426] <... futex resumed>) = 0 [pid 3426] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3426] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3426] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3428] write(4, "#! \n", 4 [pid 3426] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3428] <... write resumed>) = 4 [pid 3426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3428] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] <... clone3 resumed> => {parent_tid=[3444]}, 88) = 3444 [pid 3428] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3426] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3426] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3444 attached [pid 3444] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3444] write(4, "#! \n", 4) = 4 [pid 3444] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3426] <... futex resumed>) = 0 [pid 3426] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3428] <... futex resumed>) = 0 [pid 3426] <... futex resumed>) = 1 [pid 3428] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3426] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3428] <... mmap resumed>) = 0x200000000000 [pid 3428] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3426] <... futex resumed>) = 0 [pid 3444] <... futex resumed>) = 1 [pid 3426] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3444] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3426] <... futex resumed>) = 0 [pid 3426] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3441] <... mount resumed>) = 0 [pid 3441] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3441] chdir("./file2") = 0 [pid 3441] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3444] <... futex resumed>) = ? [pid 3426] <... futex resumed>) = ? [pid 3444] +++ killed by SIGBUS +++ [pid 3428] +++ killed by SIGBUS +++ [pid 3426] +++ killed by SIGBUS +++ [pid 3432] <... mount resumed>) = 0 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3426, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3432] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3432] <... openat resumed>) = 3 [pid 3432] chdir("./file2") = 0 [pid 3432] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3440] <... close resumed>) = 0 [pid 3427] <... close resumed>) = 0 [pid 3440] mkdir("./file2", 0777 [pid 3427] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... mkdir resumed>) = 0 [pid 3427] <... futex resumed>) = 1 [pid 3440] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3427] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3432] <... openat resumed>) = 4 [pid 3432] ioctl(4, LOOP_CLR_FD) = 0 [pid 3432] close(4) = 0 [pid 3432] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3429] <... futex resumed>) = 0 [pid 3432] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3429] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] <... openat resumed>) = 4 [pid 3429] <... futex resumed>) = 0 [pid 3425] <... futex resumed>) = 0 [pid 3441] ioctl(4, LOOP_CLR_FD [pid 3429] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3441] <... ioctl resumed>) = 0 [pid 3425] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] close(4 [pid 3427] <... futex resumed>) = 0 [pid 3425] <... futex resumed>) = 1 [pid 3432] <... openat resumed>) = 4 [pid 3427] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3425] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3441] <... close resumed>) = 0 [pid 3441] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... openat resumed>) = 4 [pid 3441] <... futex resumed>) = 1 [pid 3433] <... futex resumed>) = 0 [pid 3432] <... futex resumed>) = 1 [pid 3429] <... futex resumed>) = 0 [pid 3427] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3433] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... futex resumed>) = 1 [pid 3425] <... futex resumed>) = 0 [pid 3441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3433] <... futex resumed>) = 0 [pid 3432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3429] <... futex resumed>) = 0 [pid 3427] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3425] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3433] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3432] write(4, "#! \n", 4 [pid 3429] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3425] <... futex resumed>) = 0 [pid 3441] <... openat resumed>) = 4 [pid 3432] <... write resumed>) = 4 [pid 3429] <... futex resumed>) = 0 [pid 3427] write(4, "#! \n", 4 [pid 3425] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3441] <... futex resumed>) = 1 [pid 3433] <... futex resumed>) = 0 [pid 3427] <... write resumed>) = 4 [pid 3425] <... futex resumed>) = 0 [pid 3441] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3433] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] <... futex resumed>) = 0 [pid 3429] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3433] <... futex resumed>) = 0 [pid 3432] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3427] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3441] write(4, "#! \n", 4 [pid 3433] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] <... mprotect resumed>) = 0 [pid 3427] <... futex resumed>) = 0 [pid 3425] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3441] <... write resumed>) = 4 [pid 3433] <... futex resumed>) = 0 [pid 3429] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3427] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3425] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3441] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3429] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3425] <... mprotect resumed>) = 0 [pid 3441] <... futex resumed>) = 0 [pid 3433] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3441] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3433] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3433] <... mprotect resumed>) = 0 [pid 3429] <... clone3 resumed> => {parent_tid=[3449]}, 88) = 3449 [pid 3425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3429] rt_sigprocmask(SIG_SETMASK, [], [pid 3433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3429] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3425] <... clone3 resumed> => {parent_tid=[3450]}, 88) = 3450 [pid 3429] <... futex resumed>) = 0 [pid 3425] rt_sigprocmask(SIG_SETMASK, [], [pid 3433] <... clone3 resumed> => {parent_tid=[3451]}, 88) = 3451 [pid 3429] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3433] rt_sigprocmask(SIG_SETMASK, [], [pid 3425] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3425] <... futex resumed>) = 0 [pid 3433] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3425] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3433] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3450 attached [pid 3433] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3450] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3450] write(4, "#! \n", 4) = 4 ./strace-static-x86_64: Process 3451 attached ./strace-static-x86_64: Process 3449 attached [pid 3450] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3451] set_robust_list(0x7f0aeccae9a0, 24 [pid 3449] set_robust_list(0x7f0aeccae9a0, 24 [pid 3450] <... futex resumed>) = 1 [pid 3425] <... futex resumed>) = 0 [ 73.126422][ T3428] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3451] <... set_robust_list resumed>) = 0 [pid 3449] <... set_robust_list resumed>) = 0 [pid 3425] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3450] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3451] rt_sigprocmask(SIG_SETMASK, [], [pid 3449] rt_sigprocmask(SIG_SETMASK, [], [pid 3427] <... futex resumed>) = 0 [pid 3425] <... futex resumed>) = 1 [pid 3451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3427] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3425] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3451] write(4, "#! \n", 4 [pid 3449] write(4, "#! \n", 4 [pid 3427] <... mmap resumed>) = 0x200000000000 [pid 3451] <... write resumed>) = 4 [pid 3449] <... write resumed>) = 4 [pid 3427] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3451] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3449] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... futex resumed>) = 1 [pid 3425] <... futex resumed>) = 0 [pid 3451] <... futex resumed>) = 1 [pid 3449] <... futex resumed>) = 1 [pid 3433] <... futex resumed>) = 0 [pid 3429] <... futex resumed>) = 0 [pid 3427] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3425] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3451] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3449] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3433] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3429] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3425] <... futex resumed>) = 0 [pid 3441] <... futex resumed>) = 0 [pid 3440] <... mount resumed>) = 0 [pid 3433] <... futex resumed>) = 1 [pid 3432] <... futex resumed>) = 0 [pid 3429] <... futex resumed>) = 1 [pid 3440] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3440] chdir("./file2") = 0 [pid 3440] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3425] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3441] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3441] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3441] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3433] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3433] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3441] <... futex resumed>) = 0 [pid 3433] <... futex resumed>) = 1 [pid 3432] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3429] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3450] <... futex resumed>) = ? [pid 3432] <... mmap resumed>) = 0x200000000000 [pid 3425] <... futex resumed>) = ? [pid 3450] +++ killed by SIGBUS +++ [pid 3432] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3429] <... futex resumed>) = 0 [pid 3427] +++ killed by SIGBUS +++ [pid 3425] +++ killed by SIGBUS +++ [pid 3432] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3429] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3429] <... futex resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3441] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3429] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3451] <... futex resumed>) = ? [pid 3451] +++ killed by SIGBUS +++ [pid 3441] +++ killed by SIGBUS +++ [pid 3433] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3449] <... futex resumed>) = ? [pid 3440] <... openat resumed>) = 4 [pid 3429] <... futex resumed>) = ? [pid 289] <... umount2 resumed>) = 0 [pid 3449] +++ killed by SIGBUS +++ [pid 3440] ioctl(4, LOOP_CLR_FD [pid 289] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3432] +++ killed by SIGBUS +++ [pid 3429] +++ killed by SIGBUS +++ [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./101/file2", [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(4, "", [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] getdents64(4, [pid 287] <... openat resumed>) = 3 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] newfstatat(3, "", [pid 289] getdents64(4, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, [pid 289] close(4 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] <... close resumed>) = 0 [pid 287] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./101/file2") = 0 [pid 289] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./101/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./101") = 0 [pid 289] mkdir("./102", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./105/file2") = 0 [pid 290] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./105/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./105") = 0 [pid 290] mkdir("./106", 0777) = 0 [ 73.189397][ T3427] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.194838][ T3441] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.206807][ T3432] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3440] <... ioctl resumed>) = 0 [pid 3440] close(4 [pid 289] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3455 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3456 ./strace-static-x86_64: Process 3456 attached ./strace-static-x86_64: Process 3455 attached [pid 3456] set_robust_list(0x555594a056a0, 24 [pid 3440] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3440] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3440] <... futex resumed>) = 1 [pid 3440] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3434] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./102/file2", [pid 3440] <... futex resumed>) = 0 [pid 3434] <... futex resumed>) = 1 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3440] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3434] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3456] <... set_robust_list resumed>) = 0 [pid 3455] set_robust_list(0x555594a056a0, 24 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3456] chdir("./106" [pid 3455] <... set_robust_list resumed>) = 0 [pid 3440] <... openat resumed>) = 4 [pid 291] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3440] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 4 [pid 3456] <... chdir resumed>) = 0 [pid 3455] chdir("./102" [pid 291] newfstatat(4, "", [pid 3456] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3455] <... chdir resumed>) = 0 [pid 3440] <... futex resumed>) = 1 [pid 3434] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3456] <... prctl resumed>) = 0 [pid 3455] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3440] write(4, "#! \n", 4 [pid 3434] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 287] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3456] setpgid(0, 0 [pid 3455] <... prctl resumed>) = 0 [pid 3440] <... write resumed>) = 4 [pid 3434] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] getdents64(4, [pid 3455] setpgid(0, 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3456] <... setpgid resumed>) = 0 [pid 3455] <... setpgid resumed>) = 0 [pid 291] close(4 [pid 3440] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./108/file2", [pid 3456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] rmdir("./102/file2" [pid 3455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3456] <... openat resumed>) = 3 [pid 3455] <... openat resumed>) = 3 [pid 3440] <... futex resumed>) = 0 [pid 3434] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3456] write(3, "1000", 4 [pid 3455] write(3, "1000", 4 [pid 3440] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3456] <... write resumed>) = 4 [pid 3455] <... write resumed>) = 4 [pid 3434] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3456] close(3 [pid 3455] close(3 [pid 3434] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] newfstatat(AT_FDCWD, "./102/binderfs", [pid 3456] <... close resumed>) = 0 [pid 3455] <... close resumed>) = 0 [pid 3434] <... mprotect resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3456] symlink("/dev/binderfs", "./binderfs" [pid 3455] symlink("/dev/binderfs", "./binderfs" [pid 3434] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] unlink("./102/binderfs" [pid 3434] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3455] <... symlink resumed>) = 0 [pid 3434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] <... unlink resumed>) = 0 [pid 287] <... openat resumed>) = 4 executing program [pid 3456] <... symlink resumed>) = 0 [pid 3455] write(1, "executing program\n", 18executing program [pid 291] getdents64(3, [pid 287] newfstatat(4, "", [pid 3456] write(1, "executing program\n", 18 [pid 3455] <... write resumed>) = 18 [pid 3434] <... clone3 resumed> => {parent_tid=[3457]}, 88) = 3457 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3456] <... write resumed>) = 18 [pid 3455] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3434] rt_sigprocmask(SIG_SETMASK, [], [pid 291] close(3 [pid 287] getdents64(4, [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3455] <... futex resumed>) = 0 [pid 3434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3456] <... futex resumed>) = 0 [pid 3455] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3434] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] rmdir("./102" [pid 287] getdents64(4, [pid 3456] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3455] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3434] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3456] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3434] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... rmdir resumed>) = 0 [pid 287] close(4 [pid 3456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] mkdir("./103", 0777 [pid 287] <... close resumed>) = 0 [pid 3456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] rmdir("./108/file2" [pid 3456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3455] <... mmap resumed>) = 0x7f0aeccaf000 [pid 291] <... mkdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3456] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3455] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3456] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3455] <... mprotect resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3456] <... mprotect resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./108/binderfs", [pid 3455] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] ioctl(3, LOOP_CLR_FD [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3456] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3455] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] unlink("./108/binderfs" [pid 3456] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] close(3 [pid 287] <... unlink resumed>) = 0 [pid 3456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 291] <... close resumed>) = 0 [pid 287] getdents64(3, [pid 3455] <... clone3 resumed> => {parent_tid=[3458]}, 88) = 3458 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3456] <... clone3 resumed> => {parent_tid=[3459]}, 88) = 3459 [pid 3455] rt_sigprocmask(SIG_SETMASK, [], [pid 287] close(3) = 0 [pid 287] rmdir("./108" [pid 3456] rt_sigprocmask(SIG_SETMASK, [], [pid 3455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3455] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3460 [pid 287] mkdir("./109", 0777 [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3455] <... futex resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 3456] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3455] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3461 ./strace-static-x86_64: Process 3459 attached [pid 3459] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3459] memfd_create("syzkaller", 0) = 3 [pid 3459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3458 attached [pid 3458] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 3460 attached [pid 3458] memfd_create("syzkaller", 0 [pid 3460] set_robust_list(0x555594a056a0, 24) = 0 [pid 3458] <... memfd_create resumed>) = 3 [pid 3460] chdir("./103" [pid 3458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3460] <... chdir resumed>) = 0 [pid 3460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3460] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 3461 attached [pid 3460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3461] set_robust_list(0x555594a056a0, 24) = 0 [pid 3460] <... openat resumed>) = 3 [pid 3461] chdir("./109" [pid 3460] write(3, "1000", 4./strace-static-x86_64: Process 3457 attached [pid 3461] <... chdir resumed>) = 0 [pid 3460] <... write resumed>) = 4 [pid 3461] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3460] close(3 [pid 3457] set_robust_list(0x7f0aeccae9a0, 24 [pid 3461] <... prctl resumed>) = 0 [pid 3460] <... close resumed>) = 0 [pid 3457] <... set_robust_list resumed>) = 0 [pid 3461] setpgid(0, 0 [pid 3460] symlink("/dev/binderfs", "./binderfs" [pid 3457] rt_sigprocmask(SIG_SETMASK, [], [pid 3461] <... setpgid resumed>) = 0 [pid 3460] <... symlink resumed>) = 0 [pid 3457] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 3461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3460] write(1, "executing program\n", 18 [pid 3457] write(4, "#! \n", 4 [pid 3461] <... openat resumed>) = 3 [pid 3460] <... write resumed>) = 18 [pid 3457] <... write resumed>) = 4 [pid 3461] write(3, "1000", 4 [pid 3460] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3457] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3461] <... write resumed>) = 4 [pid 3460] <... futex resumed>) = 0 [pid 3458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3457] <... futex resumed>) = 1 [pid 3434] <... futex resumed>) = 0 [pid 3434] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = 0 [pid 3434] <... futex resumed>) = 1 [pid 3440] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3434] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3440] <... mmap resumed>) = 0x200000000000 [pid 3440] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3434] <... futex resumed>) = 0 [pid 3440] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3434] <... futex resumed>) = 0 [pid 3461] close(3 [pid 3460] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3459] <... write resumed>) = 524288 [pid 3457] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3434] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3458] <... write resumed>) = 524288 [pid 3461] <... close resumed>) = 0 [pid 3460] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3461] symlink("/dev/binderfs", "./binderfs" [pid 3460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3461] <... symlink resumed>) = 0 [pid 3460] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 3461] write(1, "executing program\n", 18 [pid 3460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3461] <... write resumed>) = 18 [pid 3460] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3461] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3460] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3461] <... futex resumed>) = 0 [pid 3460] <... mprotect resumed>) = 0 [pid 3461] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3461] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3459] munmap(0x7f0ae48af000, 138412032 [pid 3461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3460] <... clone3 resumed> => {parent_tid=[3462]}, 88) = 3462 [pid 3461] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3460] rt_sigprocmask(SIG_SETMASK, [], [pid 3459] <... munmap resumed>) = 0 [pid 3461] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3458] munmap(0x7f0ae48af000, 138412032 [pid 3461] <... mprotect resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3461] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3460] <... futex resumed>) = 0 [pid 3458] <... munmap resumed>) = 0 [pid 3461] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3460] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3459] <... openat resumed>) = 4 [pid 3461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3458] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3459] ioctl(4, LOOP_SET_FD, 3 [pid 3461] <... clone3 resumed> => {parent_tid=[3463]}, 88) = 3463 [pid 3458] <... openat resumed>) = 4 [pid 3461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3458] ioctl(4, LOOP_SET_FD, 3 [pid 3461] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3461] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3463 attached ./strace-static-x86_64: Process 3462 attached [pid 3463] set_robust_list(0x7f0aecccf9a0, 24 [pid 3440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3463] <... set_robust_list resumed>) = 0 [pid 3462] set_robust_list(0x7f0aecccf9a0, 24 [pid 3463] rt_sigprocmask(SIG_SETMASK, [], [pid 3457] <... futex resumed>) = ? [pid 3434] <... futex resumed>) = ? [pid 3463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3462] <... set_robust_list resumed>) = 0 [pid 3459] <... ioctl resumed>) = 0 [pid 3459] close(3 [pid 3458] <... ioctl resumed>) = 0 [pid 3457] +++ killed by SIGBUS +++ [pid 3463] memfd_create("syzkaller", 0 [pid 3459] <... close resumed>) = 0 [pid 3458] close(3 [pid 3440] +++ killed by SIGBUS +++ [pid 3434] +++ killed by SIGBUS +++ [pid 3459] close(4 [pid 3458] <... close resumed>) = 0 [pid 3459] <... close resumed>) = 0 [pid 3458] close(4 [pid 3459] mkdir("./file2", 0777) = 0 [pid 3463] <... memfd_create resumed>) = 3 [pid 3462] rt_sigprocmask(SIG_SETMASK, [], [pid 3459] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3463] <... mmap resumed>) = 0x7f0ae48af000 [pid 288] <... restart_syscall resumed>) = 0 [pid 3462] memfd_create("syzkaller", 0 [pid 288] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3462] <... memfd_create resumed>) = 3 [pid 3462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3462] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3463] <... write resumed>) = 524288 [pid 3462] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3463] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3463] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3458] <... close resumed>) = 0 [ 73.376675][ T3440] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3458] mkdir("./file2", 0777) = 0 [pid 3458] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3462] <... openat resumed>) = 4 [pid 3462] ioctl(4, LOOP_SET_FD, 3 [pid 3459] <... mount resumed>) = 0 [pid 3459] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3459] chdir("./file2") = 0 [pid 3459] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3463] <... openat resumed>) = 4 [pid 3463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3462] <... ioctl resumed>) = 0 [pid 3459] <... openat resumed>) = 4 [pid 3459] ioctl(4, LOOP_CLR_FD) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 3459] close(4) = 0 [pid 3459] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3459] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3463] close(3) = 0 [pid 3463] close(4) = 0 [pid 3463] mkdir("./file2", 0777 [pid 3462] close(3 [pid 3456] <... futex resumed>) = 0 [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] <... close resumed>) = 0 [pid 3462] close(4 [pid 3456] <... futex resumed>) = 1 [pid 3463] <... mkdir resumed>) = 0 [pid 3463] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3462] <... close resumed>) = 0 [pid 3462] mkdir("./file2", 0777 [pid 288] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3459] <... futex resumed>) = 0 [pid 3459] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3462] <... mkdir resumed>) = 0 [pid 3459] <... openat resumed>) = 4 [pid 3459] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3456] <... futex resumed>) = 0 [pid 3462] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3459] write(4, "#! \n", 4 [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... write resumed>) = 4 [pid 3456] <... futex resumed>) = 0 [pid 3459] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = 0 [pid 3456] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3459] write(4, "#! \n", 4 [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] newfstatat(AT_FDCWD, "./101/file2", [pid 3459] <... write resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3459] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3459] <... futex resumed>) = 1 [pid 3456] <... futex resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3459] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3456] <... futex resumed>) = 0 [pid 3459] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... openat resumed>) = 4 [pid 3459] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 288] newfstatat(4, "", [pid 3459] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3456] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3458] <... mount resumed>) = 0 [pid 3456] <... futex resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3458] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3456] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] getdents64(4, [pid 3458] <... openat resumed>) = 3 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3458] chdir("./file2" [pid 288] getdents64(4, [pid 3458] <... chdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3458] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] close(4) = 0 [pid 288] rmdir("./101/file2") = 0 [pid 288] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./101/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./101") = 0 [pid 288] mkdir("./102", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3463] <... mount resumed>) = 0 [pid 3463] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3463] chdir("./file2") = 0 [pid 3463] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3459] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3456] <... futex resumed>) = ? [pid 3459] +++ killed by SIGBUS +++ [pid 3456] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 3458] <... openat resumed>) = 4 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3458] ioctl(4, LOOP_CLR_FD [pid 3462] <... mount resumed>) = 0 [pid 3462] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3462] chdir("./file2") = 0 [ 73.534034][ T3459] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3462] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3458] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 3458] close(4 [pid 290] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3458] <... close resumed>) = 0 [pid 3462] <... openat resumed>) = 4 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 3458] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 3458] <... futex resumed>) = 1 [pid 3455] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3462] ioctl(4, LOOP_CLR_FD [pid 3458] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3455] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3463] <... openat resumed>) = 4 [pid 3462] <... ioctl resumed>) = 0 [pid 3458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3455] <... futex resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./106/file2", [pid 3463] ioctl(4, LOOP_CLR_FD [pid 3462] close(4 [pid 3458] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3455] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3476 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3463] <... ioctl resumed>) = 0 [pid 3462] <... close resumed>) = 0 [pid 3463] close(4) = 0 [pid 3462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] <... openat resumed>) = 4 [pid 290] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3463] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] <... futex resumed>) = 1 [pid 3460] <... futex resumed>) = 0 [pid 3458] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3463] <... futex resumed>) = 1 [pid 3462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3461] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] <... futex resumed>) = 1 [pid 3455] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3463] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3461] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3460] <... futex resumed>) = 0 [pid 3458] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3455] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 4 [pid 3463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3462] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3461] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3455] <... futex resumed>) = 0 [pid 290] newfstatat(4, "", [pid 3463] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3462] <... openat resumed>) = 4 [pid 3461] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3458] write(4, "#! \n", 4 [pid 3455] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3463] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3463] <... futex resumed>) = 0 [pid 3462] <... futex resumed>) = 1 [pid 3461] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3460] <... futex resumed>) = 0 [pid 3458] <... write resumed>) = 4 [pid 3455] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 3463] write(4, "#! \n", 4 [pid 3462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3461] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3463] <... write resumed>) = 4 [pid 3462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3461] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3460] <... futex resumed>) = 0 [pid 3458] <... futex resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3455] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3463] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] write(4, "#! \n", 4 [pid 3461] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3455] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] getdents64(4, [pid 3463] <... futex resumed>) = 0 [pid 3462] <... write resumed>) = 4 [pid 3461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3460] <... futex resumed>) = 0 [pid 3455] <... mprotect resumed>) = 0 [pid 3463] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3461] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3462] <... futex resumed>) = 0 [pid 3461] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3460] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3455] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] close(4 [pid 3462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3461] <... mprotect resumed>) = 0 [pid 3460] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3455] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3461] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3460] <... mprotect resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 3455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3461] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] rmdir("./106/file2" [pid 3461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3455] <... clone3 resumed> => {parent_tid=[3477]}, 88) = 3477 [pid 3461] <... clone3 resumed> => {parent_tid=[3478]}, 88) = 3478 [pid 3455] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... rmdir resumed>) = 0 [pid 3461] rt_sigprocmask(SIG_SETMASK, [], [pid 3460] <... clone3 resumed> => {parent_tid=[3479]}, 88) = 3479 [pid 3455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3460] rt_sigprocmask(SIG_SETMASK, [], [pid 3455] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3461] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3455] <... futex resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3461] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3455] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] newfstatat(AT_FDCWD, "./106/binderfs", [pid 3461] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3460] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3460] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] unlink("./106/binderfs"./strace-static-x86_64: Process 3478 attached ) = 0 [pid 3478] set_robust_list(0x7f0aeccae9a0, 24 [pid 290] getdents64(3, [pid 3478] <... set_robust_list resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3478] rt_sigprocmask(SIG_SETMASK, [], [pid 290] close(3 [pid 3478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] <... close resumed>) = 0 [pid 3478] write(4, "#! \n", 4 [pid 290] rmdir("./106" [pid 3478] <... write resumed>) = 4 [pid 3478] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 3478] <... futex resumed>) = 1 [pid 3461] <... futex resumed>) = 0 [pid 290] mkdir("./107", 0777 [pid 3461] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3478] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3463] <... futex resumed>) = 0 [pid 3461] <... futex resumed>) = 1 [pid 290] <... mkdir resumed>) = 0 [pid 3463] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3461] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3463] <... mmap resumed>) = 0x200000000000 ./strace-static-x86_64: Process 3476 attached [pid 3463] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... openat resumed>) = 3 [pid 3463] <... futex resumed>) = 1 [pid 3461] <... futex resumed>) = 0 [pid 290] ioctl(3, LOOP_CLR_FD [pid 3476] set_robust_list(0x555594a056a0, 24 [pid 3463] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3461] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3476] <... set_robust_list resumed>) = 0 [pid 3463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3461] <... futex resumed>) = 0 [pid 290] close(3./strace-static-x86_64: Process 3477 attached [pid 3477] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3477] write(4, "#! \n", 4) = 4 [pid 3477] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3477] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3479 attached [pid 3479] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3479] write(4, "#! \n", 4) = 4 [pid 3479] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3479] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3460] <... futex resumed>) = 0 [pid 3461] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3455] <... futex resumed>) = 0 [pid 3460] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3455] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] <... futex resumed>) = 0 [pid 3460] <... futex resumed>) = 1 [pid 3458] <... futex resumed>) = 0 [pid 3455] <... futex resumed>) = 1 [pid 290] <... close resumed>) = 0 [pid 3476] chdir("./102" [pid 3462] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3460] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3458] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3455] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3462] <... mmap resumed>) = 0x200000000000 [pid 3458] <... mmap resumed>) = 0x200000000000 [pid 3458] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3462] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] <... futex resumed>) = 1 [pid 3455] <... futex resumed>) = 0 [pid 3462] <... futex resumed>) = 1 [pid 3460] <... futex resumed>) = 0 [pid 3462] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3460] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3458] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3455] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] <... chdir resumed>) = 0 [pid 3462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3460] <... futex resumed>) = 0 [pid 3458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3455] <... futex resumed>) = 0 [pid 3463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3478] <... futex resumed>) = ? ./strace-static-x86_64: Process 3480 attached [pid 3480] set_robust_list(0x555594a056a0, 24) = 0 [pid 3480] chdir("./107") = 0 [pid 3480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3480] setpgid(0, 0) = 0 [pid 3480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3480] write(3, "1000", 4) = 4 [pid 3480] close(3) = 0 [pid 3480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3480] write(1, "executing program\n", 18executing program ) = 18 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3480] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3480] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3481]}, 88) = 3481 [pid 3480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3481 attached [pid 3481] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3481] memfd_create("syzkaller", 0) = 3 [pid 3481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3460] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3455] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3461] <... futex resumed>) = ? [pid 3478] +++ killed by SIGBUS +++ [pid 3481] <... write resumed>) = 524288 [pid 3481] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3481] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3481] ioctl(4, LOOP_SET_FD, 3 [pid 3476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3476] setpgid(0, 0) = 0 [pid 3476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3476] write(3, "1000", 4) = 4 [pid 3476] close(3) = 0 [pid 3476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3476] write(1, "executing program\n", 18executing program ) = 18 [pid 3476] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3476] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3476] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3482]}, 88) = 3482 [pid 3476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3476] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3476] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3482 attached [pid 3482] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3482] memfd_create("syzkaller", 0) = 3 [pid 3482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3463] +++ killed by SIGBUS +++ [pid 3461] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3461, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3480 [pid 3462] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3481] <... ioctl resumed>) = 0 [pid 3477] <... futex resumed>) = ? [pid 3460] <... futex resumed>) = ? [pid 3455] <... futex resumed>) = ? [pid 3477] +++ killed by SIGBUS +++ [pid 3458] +++ killed by SIGBUS +++ [pid 3455] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3455, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3479] <... futex resumed>) = ? [pid 3481] close(3) = 0 [pid 3481] close(4 [pid 3479] +++ killed by SIGBUS +++ [pid 3481] <... close resumed>) = 0 [pid 3481] mkdir("./file2", 0777) = 0 [pid 3481] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3482] <... write resumed>) = 524288 [pid 3482] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3482] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3482] ioctl(4, LOOP_SET_FD, 3 [pid 3462] +++ killed by SIGBUS +++ [pid 3460] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3460, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3482] <... ioctl resumed>) = 0 [pid 3482] close(3) = 0 [pid 3482] close(4) = 0 [pid 3482] mkdir("./file2", 0777) = 0 [pid 3482] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 291] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(3, "", [pid 289] newfstatat(3, "", [pid 287] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... openat resumed>) = 3 [pid 291] getdents64(3, [pid 289] getdents64(3, [pid 287] newfstatat(3, "", [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3481] <... mount resumed>) = 0 [pid 3481] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3481] chdir("./file2") = 0 [pid 3481] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3482] <... mount resumed>) = 0 [pid 3482] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3482] chdir("./file2") = 0 [pid 3482] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [ 73.639720][ T3463] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.658100][ T3462] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.673840][ T3458] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] rmdir("./102/file2") = 0 [pid 289] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./102/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./102") = 0 [pid 289] mkdir("./103", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3481] <... openat resumed>) = 4 [pid 3481] ioctl(4, LOOP_CLR_FD [pid 3482] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3489 ./strace-static-x86_64: Process 3489 attached [pid 3489] set_robust_list(0x555594a056a0, 24) = 0 [pid 3489] chdir("./103") = 0 [pid 3489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3489] setpgid(0, 0) = 0 [pid 3489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3482] ioctl(4, LOOP_CLR_FD [pid 3481] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3482] <... ioctl resumed>) = 0 [pid 3481] close(4 [pid 3482] close(4 [pid 3481] <... close resumed>) = 0 [pid 291] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3482] <... close resumed>) = 0 [pid 3481] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3482] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3481] <... futex resumed>) = 1 [pid 3480] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3482] <... futex resumed>) = 1 [pid 3481] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] <... futex resumed>) = 0 [pid 3482] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3480] <... futex resumed>) = 0 [pid 3476] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./103/file2", [pid 287] newfstatat(AT_FDCWD, "./109/file2", [pid 3482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3481] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3476] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3482] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3476] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3482] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3482] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3482] <... futex resumed>) = 1 [pid 3476] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 3482] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3476] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 3482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3476] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3482] write(4, "#! \n", 4 [pid 3476] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] getdents64(4, [pid 287] getdents64(4, [pid 3482] <... write resumed>) = 4 [pid 3476] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3482] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] getdents64(4, [pid 287] getdents64(4, [pid 3482] <... futex resumed>) = 0 [pid 3476] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3482] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3476] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] close(4 [pid 287] close(4 [pid 3476] <... mprotect resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] rmdir("./103/file2" [pid 287] rmdir("./109/file2" [pid 3476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3481] <... openat resumed>) = 4 [pid 3476] <... clone3 resumed> => {parent_tid=[3490]}, 88) = 3490 [pid 291] newfstatat(AT_FDCWD, "./103/binderfs", [pid 287] newfstatat(AT_FDCWD, "./109/binderfs", [pid 3481] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] rt_sigprocmask(SIG_SETMASK, [], [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3481] <... futex resumed>) = 1 [pid 3480] <... futex resumed>) = 0 [pid 3476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] unlink("./103/binderfs" [pid 287] unlink("./109/binderfs" [pid 3489] <... openat resumed>) = 3 [pid 3481] write(4, "#! \n", 4 [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 3489] write(3, "1000", 4 [pid 3481] <... write resumed>) = 4 [pid 3480] <... futex resumed>) = 0 [pid 3476] <... futex resumed>) = 0 [pid 291] getdents64(3, [pid 287] getdents64(3, [pid 3489] <... write resumed>) = 4 [pid 3481] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3489] close(3 [pid 3481] <... futex resumed>) = 0 [pid 3480] <... futex resumed>) = 0 [pid 291] close(3 [pid 287] close(3 [pid 3489] <... close resumed>) = 0 [pid 3481] write(4, "#! \n", 4 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3489] symlink("/dev/binderfs", "./binderfs" [pid 3481] <... write resumed>) = 4 [pid 291] rmdir("./103" [pid 287] rmdir("./109" [pid 3489] <... symlink resumed>) = 0 [pid 3481] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3489] write(1, "executing program\n", 18 [pid 3481] <... futex resumed>) = 1 [pid 3480] <... futex resumed>) = 0 [pid 291] mkdir("./104", 0777executing program [pid 287] mkdir("./110", 0777 [pid 3489] <... write resumed>) = 18 [pid 3481] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 3489] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3480] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3489] <... futex resumed>) = 0 [pid 3481] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 3489] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 291] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 3489] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3481] <... mmap resumed>) = 0x200000000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 291] close(3 [pid 287] close(3 [pid 3489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3489] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3489] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3481] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3491 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3492 [pid 3489] <... mprotect resumed>) = 0 [pid 3481] <... futex resumed>) = 1 [pid 3480] <... futex resumed>) = 0 [pid 3489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3481] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3480] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3480] <... futex resumed>) = 0 [pid 3489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3493]}, 88) = 3493 [pid 3489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3489] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3490 attached [pid 3490] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3490] write(4, "#! \n", 4) = 4 [pid 3490] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3476] <... futex resumed>) = 0 [pid 3476] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3482] <... futex resumed>) = 0 [pid 3476] <... futex resumed>) = 1 [pid 3482] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3476] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3482] <... mmap resumed>) = 0x200000000000 [pid 3482] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3476] <... futex resumed>) = 0 [pid 3482] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3476] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3476] <... futex resumed>) = 0 [pid 3480] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3490] <... futex resumed>) = 1 [pid 3490] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3491 attached [pid 3491] set_robust_list(0x555594a056a0, 24) = 0 [pid 3491] chdir("./104") = 0 [pid 3491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3491] setpgid(0, 0) = 0 [pid 3491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3476] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- ./strace-static-x86_64: Process 3492 attached [pid 3492] set_robust_list(0x555594a056a0, 24 [pid 3476] <... futex resumed>) = ? [pid 3492] <... set_robust_list resumed>) = 0 [pid 3490] <... futex resumed>) = ? ./strace-static-x86_64: Process 3493 attached [pid 3492] chdir("./110" [pid 3481] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3492] <... chdir resumed>) = 0 [pid 3493] set_robust_list(0x7f0aecccf9a0, 24 [pid 3492] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3480] <... futex resumed>) = ? [pid 3493] <... set_robust_list resumed>) = 0 [pid 3492] <... prctl resumed>) = 0 [pid 3493] rt_sigprocmask(SIG_SETMASK, [], [pid 3492] setpgid(0, 0 [pid 3493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3492] <... setpgid resumed>) = 0 [pid 3492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3493] memfd_create("syzkaller", 0 [pid 3492] write(3, "1000", 4 [pid 3491] <... openat resumed>) = 3 [pid 3493] <... memfd_create resumed>) = 3 [pid 3492] <... write resumed>) = 4 [pid 3491] write(3, "1000", 4 [pid 3492] close(3 [pid 3493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3492] <... close resumed>) = 0 [pid 3492] symlink("/dev/binderfs", "./binderfs"executing program [pid 3491] <... write resumed>) = 4 [pid 3492] <... symlink resumed>) = 0 [pid 3492] write(1, "executing program\n", 18) = 18 [pid 3492] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3481] +++ killed by SIGBUS +++ [pid 3480] +++ killed by SIGBUS +++ [pid 3492] <... futex resumed>) = 0 [pid 3492] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3492] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3493] <... mmap resumed>) = 0x7f0ae48af000 [pid 3491] close(3./strace-static-x86_64: Process 3494 attached [pid 3492] <... clone3 resumed> => {parent_tid=[3494]}, 88) = 3494 [pid 3491] <... close resumed>) = 0 [pid 3494] set_robust_list(0x7f0aecccf9a0, 24 [pid 3492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3492] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3492] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3494] <... set_robust_list resumed>) = 0 [pid 3491] symlink("/dev/binderfs", "./binderfs" [pid 3494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3494] memfd_create("syzkaller", 0) = 3 [pid 3494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 3493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3491] <... symlink resumed>) = 0 [pid 3491] write(1, "executing program\n", 18) = 18 [pid 3491] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3491] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3482] +++ killed by SIGBUS +++ [pid 3491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3491] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3490] +++ killed by SIGBUS +++ [pid 3476] +++ killed by SIGBUS +++ [pid 3494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3491] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3476, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3491] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3495]}, 88) = 3495 [pid 3491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3491] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3491] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3494] <... write resumed>) = 524288 ./strace-static-x86_64: Process 3495 attached [pid 3495] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3495] memfd_create("syzkaller", 0) = 3 [pid 3495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3494] munmap(0x7f0ae48af000, 138412032 [pid 3493] <... write resumed>) = 524288 [pid 3494] <... munmap resumed>) = 0 [pid 3495] <... mmap resumed>) = 0x7f0ae48af000 [pid 3493] munmap(0x7f0ae48af000, 138412032 [pid 3494] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3493] <... munmap resumed>) = 0 [pid 3493] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3495] <... write resumed>) = 524288 [pid 3495] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3495] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./107/file2") = 0 [pid 290] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./107/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./107") = 0 [pid 290] mkdir("./108", 0777) = 0 [ 73.818118][ T3481] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 73.819612][ T3482] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3495] <... openat resumed>) = 4 [pid 3494] <... openat resumed>) = 4 [pid 3493] <... openat resumed>) = 4 [pid 3494] ioctl(4, LOOP_SET_FD, 3 [pid 3493] ioctl(4, LOOP_SET_FD, 3 [pid 3495] ioctl(4, LOOP_SET_FD, 3 [pid 3494] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 3494] close(3 [pid 288] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3494] <... close resumed>) = 0 [pid 3493] <... ioctl resumed>) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3494] close(4 [pid 3493] close(3) = 0 [pid 3493] close(4 [pid 288] newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./102/file2") = 0 [pid 288] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./102/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./102") = 0 [pid 288] mkdir("./103", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3493] <... close resumed>) = 0 [pid 3493] mkdir("./file2", 0777) = 0 [pid 3495] <... ioctl resumed>) = 0 [pid 3493] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3494] <... close resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 3494] mkdir("./file2", 0777) = 0 [pid 3494] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3499 ./strace-static-x86_64: Process 3499 attached [pid 3499] set_robust_list(0x555594a056a0, 24) = 0 [pid 3499] chdir("./103") = 0 [pid 3499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3499] setpgid(0, 0) = 0 [pid 3499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3499] write(3, "1000", 4) = 4 [pid 3499] close(3) = 0 executing program [pid 3499] symlink("/dev/binderfs", "./binderfs" [pid 3495] close(3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 3499] <... symlink resumed>) = 0 [pid 3499] write(1, "executing program\n", 18) = 18 [pid 3499] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3499] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3500]}, 88) = 3500 [pid 3499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3499] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3499] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3500 attached [pid 3500] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3495] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3495] close(4 [pid 290] close(3 [pid 3495] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 3495] mkdir("./file2", 0777 [pid 3500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3500] memfd_create("syzkaller", 0) = 3 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3495] <... mkdir resumed>) = 0 [pid 3495] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3502 [pid 3500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3502 attached [pid 3502] set_robust_list(0x555594a056a0, 24) = 0 [pid 3502] chdir("./108") = 0 [pid 3502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3502] setpgid(0, 0) = 0 [pid 3502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3500] <... write resumed>) = 524288 [pid 3502] write(3, "1000", 4) = 4 [pid 3502] close(3) = 0 [pid 3493] <... mount resumed>) = 0 [pid 3493] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3493] chdir("./file2") = 0 [pid 3493] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3493] ioctl(4, LOOP_CLR_FD) = 0 [pid 3493] close(4) = 0 [pid 3493] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3493] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program ) = 4 [pid 3493] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3489] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3493] write(4, "#! \n", 4 [pid 3489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3493] <... write resumed>) = 4 [pid 3489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3493] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] <... clone3 resumed> => {parent_tid=[3505]}, 88) = 3505 [pid 3493] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3489] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3489] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3502] write(1, "executing program\n", 18) = 18 [pid 3502] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3502] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3502] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3506]}, 88) = 3506 [pid 3502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3500] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3500] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3500] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3505 attached [pid 3505] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3505] write(4, "#! \n", 4) = 4 [pid 3505] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = 0 [pid 3489] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3493] <... futex resumed>) = 0 [pid 3489] <... futex resumed>) = 1 [pid 3493] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3489] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3493] <... mmap resumed>) = 0x200000000000 [pid 3493] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3489] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3506 attached [pid 3505] <... futex resumed>) = 1 [pid 3489] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3506] set_robust_list(0x7f0aecccf9a0, 24 [pid 3505] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3506] <... set_robust_list resumed>) = 0 [pid 3506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3506] memfd_create("syzkaller", 0) = 3 [pid 3506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3506] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3506] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3494] <... mount resumed>) = 0 [pid 3494] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3494] chdir("./file2") = 0 [pid 3494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3494] ioctl(4, LOOP_CLR_FD) = 0 [pid 3494] close(4) = 0 [pid 3494] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3494] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3489] <... futex resumed>) = 0 [pid 3492] <... futex resumed>) = 0 [pid 3492] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3492] <... futex resumed>) = 1 [pid 3492] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3494] <... futex resumed>) = 0 [pid 3494] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3493] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3500] <... ioctl resumed>) = 0 [pid 3494] <... openat resumed>) = 4 [pid 3500] close(3 [pid 3494] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3492] <... futex resumed>) = 0 [pid 3505] <... futex resumed>) = ? [pid 3494] write(4, "#! \n", 4 [pid 3492] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3489] <... futex resumed>) = ? [pid 3494] <... write resumed>) = 4 [pid 3492] <... futex resumed>) = 0 [pid 3494] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3492] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3494] <... futex resumed>) = 0 [pid 3492] <... futex resumed>) = 0 [pid 3494] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3492] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3505] +++ killed by SIGBUS +++ [pid 3492] <... clone3 resumed> => {parent_tid=[3510]}, 88) = 3510 [pid 3492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3492] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3510 attached [pid 3506] <... openat resumed>) = 4 [pid 3500] <... close resumed>) = 0 [pid 3493] +++ killed by SIGBUS +++ [pid 3492] <... futex resumed>) = 0 [pid 3489] +++ killed by SIGBUS +++ [pid 3506] ioctl(4, LOOP_SET_FD, 3 [pid 3500] close(4 [pid 3492] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3510] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3510] write(4, "#! \n", 4) = 4 [pid 3510] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3492] <... futex resumed>) = 0 [pid 3492] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3494] <... futex resumed>) = 0 [pid 3492] <... futex resumed>) = 1 [pid 3494] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3492] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3495] <... mount resumed>) = 0 [pid 3494] <... mmap resumed>) = 0x200000000000 [pid 3495] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3494] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3495] <... openat resumed>) = 3 [pid 3495] chdir("./file2" [pid 3494] <... futex resumed>) = 1 [pid 3492] <... futex resumed>) = 0 [pid 3495] <... chdir resumed>) = 0 [pid 3510] <... futex resumed>) = 1 [pid 3506] <... ioctl resumed>) = 0 [pid 3495] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3492] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3506] close(3) = 0 [pid 3506] close(4 [pid 3510] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3492] <... futex resumed>) = 0 [pid 3492] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 289] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3492] <... futex resumed>) = ? [pid 289] <... openat resumed>) = 3 [pid 3510] <... futex resumed>) = ? [pid 3510] +++ killed by SIGBUS +++ [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3494] +++ killed by SIGBUS +++ [pid 3492] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3492, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3500] <... close resumed>) = 0 [pid 3495] <... openat resumed>) = 4 [pid 3500] mkdir("./file2", 0777 [pid 3495] ioctl(4, LOOP_CLR_FD [pid 3500] <... mkdir resumed>) = 0 [ 73.986990][ T3493] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 74.014456][ T3494] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3500] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3506] <... close resumed>) = 0 [pid 3506] mkdir("./file2", 0777) = 0 [pid 3506] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3495] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3495] close(4 [pid 289] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3495] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3495] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./103/file2", [pid 287] newfstatat(AT_FDCWD, "./110/file2", [pid 3495] <... futex resumed>) = 1 [pid 3491] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3495] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3491] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3491] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3495] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3491] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3495] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 3495] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 3495] <... futex resumed>) = 1 [pid 3491] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3495] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3491] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 3495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3491] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3495] write(4, "#! \n", 4 [pid 3491] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 3495] <... write resumed>) = 4 [pid 3491] <... futex resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3495] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] close(4 [pid 287] close(4 [pid 3495] <... futex resumed>) = 0 [pid 3491] <... mmap resumed>) = 0x7f0aecc8e000 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3495] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3491] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] rmdir("./103/file2" [pid 287] rmdir("./110/file2" [pid 3491] <... mprotect resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3491] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3491] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] newfstatat(AT_FDCWD, "./103/binderfs", [pid 287] newfstatat(AT_FDCWD, "./110/binderfs", [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3491] <... clone3 resumed> => {parent_tid=[3513]}, 88) = 3513 [pid 289] unlink("./103/binderfs" [pid 287] unlink("./110/binderfs" [pid 3491] rt_sigprocmask(SIG_SETMASK, [], [pid 289] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 3491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 289] getdents64(3, [pid 287] getdents64(3, [pid 3491] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3491] <... futex resumed>) = 0 [pid 289] close(3 [pid 287] close(3 [pid 3491] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 289] rmdir("./103" [pid 287] rmdir("./110" [pid 289] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 289] mkdir("./104", 0777 [pid 287] mkdir("./111", 0777 [pid 289] <... mkdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 287] close(3 [pid 289] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3515 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3516 ./strace-static-x86_64: Process 3516 attached [pid 3516] set_robust_list(0x555594a056a0, 24) = 0 [pid 3516] chdir("./111") = 0 [pid 3516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3516] setpgid(0, 0) = 0 [pid 3516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 3515 attached ./strace-static-x86_64: Process 3513 attached [pid 3515] set_robust_list(0x555594a056a0, 24 [pid 3513] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3513] rt_sigprocmask(SIG_SETMASK, [], [pid 3515] <... set_robust_list resumed>) = 0 [pid 3513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3515] chdir("./104" [pid 3513] write(4, "#! \n", 4) = 4 [pid 3516] write(3, "1000", 4) = 4 [pid 3516] close(3) = 0 [pid 3513] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3516] symlink("/dev/binderfs", "./binderfs" [pid 3491] <... futex resumed>) = 0 [pid 3491] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3495] <... futex resumed>) = 0 [pid 3491] <... futex resumed>) = 1 [pid 3495] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3491] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3495] <... mmap resumed>) = 0x200000000000 [pid 3495] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3491] <... futex resumed>) = 0 [pid 3495] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3491] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3491] <... futex resumed>) = 0 [pid 3491] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3516] <... symlink resumed>) = 0 [pid 3513] <... futex resumed>) = 1 [pid 3515] <... chdir resumed>) = 0 [pid 3513] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3515] setpgid(0, 0) = 0 [pid 3515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3516] write(1, "executing program\n", 18 [pid 3515] <... openat resumed>) = 3 executing program [pid 3516] <... write resumed>) = 18 [pid 3516] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3516] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3515] write(3, "1000", 4 [pid 3516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3515] <... write resumed>) = 4 [pid 3516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3515] close(3 [pid 3516] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3515] <... close resumed>) = 0 [pid 3516] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3515] symlink("/dev/binderfs", "./binderfs" [pid 3516] <... mprotect resumed>) = 0 [pid 3515] <... symlink resumed>) = 0 [pid 3516] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 3515] write(1, "executing program\n", 18 [pid 3516] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3515] <... write resumed>) = 18 [pid 3516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3515] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3516] <... clone3 resumed> => {parent_tid=[3519]}, 88) = 3519 [pid 3515] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3516] rt_sigprocmask(SIG_SETMASK, [], [pid 3515] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3516] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3516] <... futex resumed>) = 0 [pid 3515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3516] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3515] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3515] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3520]}, 88) = 3520 [pid 3515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3515] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3515] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3500] <... mount resumed>) = 0 [pid 3500] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3500] chdir("./file2") = 0 [pid 3500] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3500] ioctl(4, LOOP_CLR_FD) = 0 [pid 3500] close(4./strace-static-x86_64: Process 3520 attached ) = 0 [pid 3500] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3499] <... futex resumed>) = 0 [pid 3500] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3499] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3499] <... futex resumed>) = 0 [pid 3500] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3499] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3519 attached [pid 3500] <... openat resumed>) = 4 [pid 3500] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3519] memfd_create("syzkaller", 0 [pid 3500] <... futex resumed>) = 1 [pid 3499] <... futex resumed>) = 0 [pid 3500] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3499] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3499] <... futex resumed>) = 0 [pid 3500] write(4, "#! \n", 4 [pid 3499] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... memfd_create resumed>) = 3 [pid 3500] <... write resumed>) = 4 [pid 3499] <... futex resumed>) = 0 [pid 3500] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3500] <... futex resumed>) = 0 [pid 3499] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3500] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3499] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3499] <... mprotect resumed>) = 0 [pid 3519] <... mmap resumed>) = 0x7f0ae48af000 [pid 3499] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3499] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3520] set_robust_list(0x7f0aecccf9a0, 24 [pid 3499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3520] <... set_robust_list resumed>) = 0 [pid 3520] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3522 attached [pid 3522] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3522] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3513] <... futex resumed>) = 0 [pid 3506] <... mount resumed>) = 0 [pid 3499] <... clone3 resumed> => {parent_tid=[3522]}, 88) = 3522 [pid 3491] <... futex resumed>) = ? [pid 3520] memfd_create("syzkaller", 0 [pid 3513] +++ killed by SIGBUS +++ [pid 3506] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3499] rt_sigprocmask(SIG_SETMASK, [], [pid 3520] <... memfd_create resumed>) = 3 [pid 3519] <... write resumed>) = 524288 [pid 3506] <... openat resumed>) = 3 [pid 3499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3506] chdir("./file2" [pid 3499] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3495] +++ killed by SIGBUS +++ [pid 3491] +++ killed by SIGBUS +++ [pid 3520] <... mmap resumed>) = 0x7f0ae48af000 [pid 3506] <... chdir resumed>) = 0 [pid 3499] <... futex resumed>) = 1 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3491, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3522] <... futex resumed>) = 0 [pid 3520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3506] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3499] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3522] write(4, "#! \n", 4 [pid 3520] <... write resumed>) = 524288 [pid 3506] <... openat resumed>) = 4 [pid 291] <... restart_syscall resumed>) = 0 [pid 3520] munmap(0x7f0ae48af000, 138412032 [pid 3506] ioctl(4, LOOP_CLR_FD [pid 3522] <... write resumed>) = 4 [pid 3520] <... munmap resumed>) = 0 [pid 3506] <... ioctl resumed>) = 0 [pid 3520] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3506] close(4 [pid 291] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3522] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... openat resumed>) = 4 [pid 3506] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3520] ioctl(4, LOOP_SET_FD, 3 [pid 3506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3506] <... futex resumed>) = 1 [pid 3502] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 3506] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(3, "", [pid 3506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3502] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3519] munmap(0x7f0ae48af000, 138412032 [pid 3506] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(3, [pid 3522] <... futex resumed>) = 1 [pid 3520] <... ioctl resumed>) = 0 [pid 3519] <... munmap resumed>) = 0 [pid 3506] <... openat resumed>) = 4 [pid 3499] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3520] close(3 [pid 3506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3520] <... close resumed>) = 0 [pid 3506] <... futex resumed>) = 0 [pid 3522] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3520] close(4 [pid 3519] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3506] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3499] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3500] <... futex resumed>) = 0 [pid 3499] <... futex resumed>) = 1 [pid 3500] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3502] <... futex resumed>) = 1 [pid 3500] <... mmap resumed>) = 0x200000000000 [pid 3500] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3499] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3506] <... futex resumed>) = 0 [pid 3502] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3500] <... futex resumed>) = 0 [pid 3500] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3506] write(4, "#! \n", 4 [pid 3502] <... futex resumed>) = 0 [pid 3499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3506] <... write resumed>) = 4 [pid 3506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3506] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3502] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3524]}, 88) = 3524 [pid 3502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3502] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3502] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3499] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3500] <... futex resumed>) = 0 [ 74.194116][ T3495] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3499] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3524 attached [pid 3524] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3524] write(4, "#! \n", 4) = 4 [pid 3524] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3502] <... futex resumed>) = 0 [pid 3524] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3506] <... futex resumed>) = 0 [pid 3502] <... futex resumed>) = 1 [pid 3506] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3506] <... mmap resumed>) = 0x200000000000 [pid 3506] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3502] <... futex resumed>) = 0 [pid 3506] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3502] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3502] <... futex resumed>) = 0 [pid 3500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3499] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 3502] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3522] <... futex resumed>) = ? [pid 3522] +++ killed by SIGBUS +++ [pid 3500] +++ killed by SIGBUS +++ [pid 3499] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3502] <... futex resumed>) = ? [pid 3524] <... futex resumed>) = ? [pid 3524] +++ killed by SIGBUS +++ [pid 3506] +++ killed by SIGBUS +++ [pid 3502] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3520] <... close resumed>) = 0 [pid 3520] mkdir("./file2", 0777) = 0 [pid 3520] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... umount2 resumed>) = 0 [pid 3519] <... openat resumed>) = 4 [pid 3519] ioctl(4, LOOP_SET_FD, 3 [pid 291] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] <... restart_syscall resumed>) = 0 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, [pid 290] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] getdents64(4, [pid 290] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... openat resumed>) = 3 [pid 291] close(4 [pid 290] newfstatat(3, "", [pid 291] <... close resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] rmdir("./104/file2" [pid 290] getdents64(3, [pid 291] <... rmdir resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./104/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./104") = 0 [pid 291] mkdir("./105", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3520] <... mount resumed>) = 0 [pid 3520] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3520] chdir("./file2") = 0 [pid 3520] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./103/file2") = 0 [pid 288] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./103/binderfs" [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 288] <... unlink resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 288] getdents64(3, [pid 291] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3527 [pid 288] close(3) = 0 [pid 288] rmdir("./103") = 0 [pid 288] mkdir("./104", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3529 ./strace-static-x86_64: Process 3527 attached ./strace-static-x86_64: Process 3529 attached [pid 3529] set_robust_list(0x555594a056a0, 24 [pid 3527] set_robust_list(0x555594a056a0, 24) = 0 [pid 3529] <... set_robust_list resumed>) = 0 [pid 3527] chdir("./105" [pid 3529] chdir("./104") = 0 [pid 3527] <... chdir resumed>) = 0 [pid 3527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3529] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3527] <... prctl resumed>) = 0 [pid 3529] <... prctl resumed>) = 0 [pid 3527] setpgid(0, 0 [pid 3529] setpgid(0, 0) = 0 [pid 3527] <... setpgid resumed>) = 0 [pid 3529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 74.244861][ T3500] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 74.253063][ T3506] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3529] <... openat resumed>) = 3 [pid 3527] <... openat resumed>) = 3 [pid 3519] <... ioctl resumed>) = 0 [pid 3529] write(3, "1000", 4 [pid 3527] write(3, "1000", 4 [pid 3529] <... write resumed>) = 4 [pid 3527] <... write resumed>) = 4 [pid 3529] close(3 [pid 3527] close(3 [pid 3529] <... close resumed>) = 0 [pid 3527] <... close resumed>) = 0 [pid 3529] symlink("/dev/binderfs", "./binderfs" [pid 3527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3519] close(3 [pid 3529] <... symlink resumed>) = 0 executing program [pid 3529] write(1, "executing program\n", 18) = 18 [pid 3529] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 3527] write(1, "executing program\n", 18) = 18 [pid 3527] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] <... futex resumed>) = 0 [pid 3529] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3527] <... futex resumed>) = 0 [pid 3529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3527] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3527] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3529] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3529] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3527] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3519] <... close resumed>) = 0 [pid 3527] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3519] close(4 [pid 3527] <... clone3 resumed> => {parent_tid=[3531]}, 88) = 3531 [pid 3529] <... clone3 resumed> => {parent_tid=[3532]}, 88) = 3532 [pid 3527] rt_sigprocmask(SIG_SETMASK, [], [pid 3529] rt_sigprocmask(SIG_SETMASK, [], [pid 3527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3527] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3527] <... futex resumed>) = 0 [pid 3527] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3529] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3531 attached [pid 3531] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3531] memfd_create("syzkaller", 0) = 3 [pid 3531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 ./strace-static-x86_64: Process 3532 attached [pid 3532] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3532] memfd_create("syzkaller", 0) = 3 [pid 3532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3532] <... mmap resumed>) = 0x7f0ae48af000 [pid 3531] <... write resumed>) = 524288 [pid 3531] munmap(0x7f0ae48af000, 138412032 [pid 3532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3531] <... munmap resumed>) = 0 [pid 3531] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3532] <... write resumed>) = 524288 [pid 3532] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3532] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3520] <... openat resumed>) = 4 [pid 3520] ioctl(4, LOOP_CLR_FD [pid 3519] <... close resumed>) = 0 [pid 3520] <... ioctl resumed>) = 0 [pid 3519] mkdir("./file2", 0777 [pid 290] <... umount2 resumed>) = 0 [pid 3520] close(4 [pid 290] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3531] <... openat resumed>) = 4 [pid 290] close(4 [pid 3531] ioctl(4, LOOP_SET_FD, 3 [pid 290] <... close resumed>) = 0 [pid 290] rmdir("./108/file2") = 0 [pid 3519] <... mkdir resumed>) = 0 [pid 290] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./108/binderfs", [pid 3519] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./108/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./108") = 0 [pid 290] mkdir("./109", 0777 [pid 3531] <... ioctl resumed>) = 0 [pid 3532] <... openat resumed>) = 4 [pid 3520] <... close resumed>) = 0 [pid 3531] close(3 [pid 3532] ioctl(4, LOOP_SET_FD, 3 [pid 3531] <... close resumed>) = 0 [pid 3531] close(4 [pid 3532] <... ioctl resumed>) = 0 [pid 3532] close(3) = 0 [pid 3520] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3532] close(4 [pid 3520] <... futex resumed>) = 1 [pid 3515] <... futex resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 3520] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3515] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3520] <... openat resumed>) = 4 [pid 3515] <... futex resumed>) = 0 [pid 3520] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3515] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3520] <... futex resumed>) = 0 [pid 3515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3520] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3515] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3515] <... futex resumed>) = 0 [pid 3520] write(4, "#! \n", 4 [pid 3515] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... write resumed>) = 4 [pid 3515] <... futex resumed>) = 0 [pid 3520] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3520] <... futex resumed>) = 0 [pid 3515] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3520] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3515] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3535]}, 88) = 3535 [pid 3515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3515] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3515] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3535 attached [pid 3535] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3535] write(4, "#! \n", 4) = 4 [pid 3535] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3515] <... futex resumed>) = 0 [pid 3515] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... futex resumed>) = 0 [pid 3515] <... futex resumed>) = 1 [pid 3520] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3515] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3535] <... futex resumed>) = 1 [pid 3520] <... mmap resumed>) = 0x200000000000 [pid 3535] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3520] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3515] <... futex resumed>) = 0 [pid 3520] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3515] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3515] <... futex resumed>) = 0 [pid 3515] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3515] <... futex resumed>) = ? [pid 3535] <... futex resumed>) = ? [pid 3535] +++ killed by SIGBUS +++ [pid 3520] +++ killed by SIGBUS +++ [pid 3515] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3515, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3519] <... mount resumed>) = 0 [pid 3519] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3519] chdir("./file2") = 0 [pid 3519] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3531] <... close resumed>) = 0 [pid 3531] mkdir("./file2", 0777) = 0 [ 74.476032][ T3520] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3531] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3532] <... close resumed>) = 0 [pid 3519] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 3519] ioctl(4, LOOP_CLR_FD) = 0 [pid 3519] close(4) = 0 [pid 3519] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3516] <... futex resumed>) = 0 [pid 3532] mkdir("./file2", 0777 [pid 3519] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3516] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] ioctl(3, LOOP_CLR_FD [pid 3519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3516] <... futex resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3532] <... mkdir resumed>) = 0 [pid 3519] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3516] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] close(3 [pid 3532] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3519] <... openat resumed>) = 4 [pid 3519] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3516] <... futex resumed>) = 0 [pid 3519] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3516] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3516] <... futex resumed>) = 0 [pid 3519] write(4, "#! \n", 4 [pid 3516] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... write resumed>) = 4 [pid 3516] <... futex resumed>) = 0 [pid 3519] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3519] <... futex resumed>) = 0 [pid 3516] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3519] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3516] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3540]}, 88) = 3540 [pid 3516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3516] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3540 attached [pid 3531] <... mount resumed>) = 0 [pid 3531] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3531] chdir("./file2") = 0 [pid 3531] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3540] set_robust_list(0x7f0aeccae9a0, 24 [pid 3516] <... futex resumed>) = 0 [pid 3540] <... set_robust_list resumed>) = 0 [pid 3540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3540] write(4, "#! \n", 4) = 4 [pid 3516] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3540] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3516] <... futex resumed>) = 0 [pid 3516] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... futex resumed>) = 0 [pid 3516] <... futex resumed>) = 1 [pid 3519] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3516] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3540] <... futex resumed>) = 1 [pid 3519] <... mmap resumed>) = 0x200000000000 [pid 3519] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3516] <... futex resumed>) = 0 [pid 3519] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3516] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3516] <... futex resumed>) = 0 [pid 3540] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3516] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3519] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3540] <... futex resumed>) = ? [pid 3516] <... futex resumed>) = ? [pid 3540] +++ killed by SIGBUS +++ [pid 3519] +++ killed by SIGBUS +++ [pid 3516] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3516, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3531] <... openat resumed>) = 4 [pid 290] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3531] ioctl(4, LOOP_CLR_FD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3541 [pid 289] newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./104/file2") = 0 [pid 289] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./104/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3 [pid 3531] <... ioctl resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./104" [pid 3531] close(4 [pid 289] <... rmdir resumed>) = 0 [pid 3531] <... close resumed>) = 0 [pid 289] mkdir("./105", 0777 [pid 3531] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... mkdir resumed>) = 0 [pid 3531] <... futex resumed>) = 1 [pid 3527] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3531] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3527] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... openat resumed>) = 3 [pid 3531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3527] <... futex resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 3531] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3527] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3542 [pid 3531] <... openat resumed>) = 4 [pid 3531] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3527] <... futex resumed>) = 0 [pid 3531] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3527] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3542 attached ./strace-static-x86_64: Process 3541 attached [pid 3531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3527] <... futex resumed>) = 0 [pid 3542] set_robust_list(0x555594a056a0, 24 [pid 3541] set_robust_list(0x555594a056a0, 24 [pid 3531] write(4, "#! \n", 4 [pid 3527] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3542] <... set_robust_list resumed>) = 0 [pid 3541] <... set_robust_list resumed>) = 0 [pid 3531] <... write resumed>) = 4 [pid 3527] <... futex resumed>) = 0 [pid 3542] chdir("./105" [pid 3531] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] chdir("./109" [pid 3527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3542] <... chdir resumed>) = 0 [pid 3541] <... chdir resumed>) = 0 [pid 3531] <... futex resumed>) = 0 [pid 3542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3531] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3527] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3542] <... prctl resumed>) = 0 [pid 3542] setpgid(0, 0 [pid 3527] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3541] <... prctl resumed>) = 0 [pid 3542] <... setpgid resumed>) = 0 [pid 3527] <... mprotect resumed>) = 0 [pid 3541] setpgid(0, 0 [pid 3542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3541] <... setpgid resumed>) = 0 [pid 3527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3542] <... openat resumed>) = 3 [pid 3541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3527] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3542] write(3, "1000", 4 [pid 3527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3542] <... write resumed>) = 4 [pid 3542] close(3) = 0 [pid 3541] <... openat resumed>) = 3 [pid 3527] <... clone3 resumed> => {parent_tid=[3543]}, 88) = 3543 [pid 3542] symlink("/dev/binderfs", "./binderfs" [pid 3541] write(3, "1000", 4 [pid 3527] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 3542] <... symlink resumed>) = 0 [pid 3541] <... write resumed>) = 4 [pid 3527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3542] write(1, "executing program\n", 18) = 18 [pid 3542] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3527] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] close(3 [pid 3527] <... futex resumed>) = 0 [pid 3542] <... futex resumed>) = 0 [pid 3527] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3541] <... close resumed>) = 0 [pid 3542] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3542] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3541] symlink("/dev/binderfs", "./binderfs" [pid 3542] <... clone3 resumed> => {parent_tid=[3545]}, 88) = 3545 [pid 3542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3542] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3542] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3545 attached [pid 3545] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3545] rt_sigprocmask(SIG_SETMASK, [], [pid 3541] <... symlink resumed>) = 0 [pid 3545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3545] memfd_create("syzkaller", 0) = 3 [pid 3545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3541] write(1, "executing program\n", 18executing program ) = 18 [pid 3545] <... mmap resumed>) = 0x7f0ae48af000 [pid 3541] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3543 attached ) = 0 [pid 3541] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3543] set_robust_list(0x7f0aeccae9a0, 24 [pid 3541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3543] <... set_robust_list resumed>) = 0 [pid 3541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3543] rt_sigprocmask(SIG_SETMASK, [], [pid 3541] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3532] <... mount resumed>) = 0 [pid 3541] <... mprotect resumed>) = 0 [pid 3532] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3532] <... openat resumed>) = 3 [pid 3541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3532] chdir("./file2") = 0 [pid 3541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3532] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3541] <... clone3 resumed> => {parent_tid=[3547]}, 88) = 3547 [pid 3545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3541] rt_sigprocmask(SIG_SETMASK, [], [pid 3543] write(4, "#! \n", 4 [pid 3541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3541] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3543] <... write resumed>) = 4 [pid 3541] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3543] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3547 attached [pid 3527] <... futex resumed>) = 0 [pid 3543] <... futex resumed>) = 1 [ 74.551539][ T3519] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3527] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3531] <... futex resumed>) = 0 [pid 3543] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3527] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3531] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3531] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3527] <... futex resumed>) = 0 [pid 3531] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3527] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3527] <... futex resumed>) = 0 [pid 3545] <... write resumed>) = 524288 [pid 3545] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3545] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3547] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3547] memfd_create("syzkaller", 0) = 3 [pid 3547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3547] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3547] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3527] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3531] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3543] <... futex resumed>) = ? [pid 3527] <... futex resumed>) = ? [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./111/file2") = 0 [pid 287] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./111/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./111") = 0 [pid 287] mkdir("./112", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3532] <... openat resumed>) = 4 [pid 3532] ioctl(4, LOOP_CLR_FD) = 0 [pid 3532] close(4) = 0 [pid 3532] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3532] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3548 [pid 3545] <... openat resumed>) = 4 [pid 3545] ioctl(4, LOOP_SET_FD, 3 [pid 3531] +++ killed by SIGBUS +++ [pid 3529] <... futex resumed>) = 0 [pid 3529] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3532] <... futex resumed>) = 0 [pid 3529] <... futex resumed>) = 1 [pid 3532] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3529] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3543] +++ killed by SIGBUS +++ [pid 3532] <... openat resumed>) = 4 [pid 3532] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3529] <... futex resumed>) = 0 [pid 3532] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3529] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3529] <... futex resumed>) = 0 [pid 3532] write(4, "#! \n", 4 [pid 3529] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3548 attached [pid 3532] <... write resumed>) = 4 [pid 3529] <... futex resumed>) = 0 [pid 3527] +++ killed by SIGBUS +++ [pid 3545] <... ioctl resumed>) = 0 [pid 3548] set_robust_list(0x555594a056a0, 24) = 0 [pid 3548] chdir("./112") = 0 [pid 3548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3548] setpgid(0, 0) = 0 [pid 3548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3548] write(3, "1000", 4) = 4 [pid 3548] close(3) = 0 [pid 3548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3548] write(1, "executing program\n", 18executing program ) = 18 [pid 3548] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3548] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3548] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3550]}, 88) = 3550 [pid 3548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3548] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3548] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3550 attached [pid 3550] set_robust_list(0x7f0aecccf9a0, 24 [pid 3529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3527, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3529] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3529] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 3529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3545] close(3 [pid 3532] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3545] <... close resumed>) = 0 [pid 3532] <... futex resumed>) = 0 [pid 3529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3545] close(4 [pid 3532] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 3551 attached [pid 3547] <... openat resumed>) = 4 [pid 3545] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3550] <... set_robust_list resumed>) = 0 [pid 3547] ioctl(4, LOOP_SET_FD, 3 [pid 3545] mkdir("./file2", 0777 [pid 3529] <... clone3 resumed> => {parent_tid=[3551]}, 88) = 3551 [pid 291] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3545] <... mkdir resumed>) = 0 [pid 3529] rt_sigprocmask(SIG_SETMASK, [], [pid 3545] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... openat resumed>) = 3 [pid 3529] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(3, "", [pid 3551] set_robust_list(0x7f0aeccae9a0, 24 [pid 3529] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3550] rt_sigprocmask(SIG_SETMASK, [], [pid 3529] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3551] <... set_robust_list resumed>) = 0 [pid 3551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3551] write(4, "#! \n", 4 [pid 3547] <... ioctl resumed>) = 0 [pid 3547] close(3) = 0 [pid 3550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3547] close(4) = 0 [pid 3550] memfd_create("syzkaller", 0 [pid 3547] mkdir("./file2", 0777 [pid 3551] <... write resumed>) = 4 [pid 3547] <... mkdir resumed>) = 0 [pid 3550] <... memfd_create resumed>) = 3 [pid 3547] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3551] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3529] <... futex resumed>) = 0 [pid 3550] <... mmap resumed>) = 0x7f0ae48af000 [pid 3529] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3532] <... futex resumed>) = 0 [pid 3529] <... futex resumed>) = 1 [pid 3532] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3529] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3532] <... mmap resumed>) = 0x200000000000 [pid 3532] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3529] <... futex resumed>) = 0 [ 74.604579][ T3531] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3532] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3529] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3529] <... futex resumed>) = 0 [pid 3551] <... futex resumed>) = 1 [pid 3550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3551] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3529] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3545] <... mount resumed>) = 0 [pid 3532] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3545] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3545] chdir("./file2") = 0 [pid 3545] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3529] <... futex resumed>) = ? [pid 3551] <... futex resumed>) = ? [pid 3550] <... write resumed>) = 524288 [pid 3550] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3550] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3551] +++ killed by SIGBUS +++ [pid 3532] +++ killed by SIGBUS +++ [pid 3529] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3529, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3545] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 3545] ioctl(4, LOOP_CLR_FD [pid 291] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3545] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3545] close(4 [pid 291] newfstatat(AT_FDCWD, "./105/file2", [pid 3545] <... close resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3545] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./105/file2") = 0 [pid 291] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./105/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./105" [pid 3545] <... futex resumed>) = 1 [pid 3542] <... futex resumed>) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 3545] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3542] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] mkdir("./106", 0777 [pid 3545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3542] <... futex resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 3545] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3542] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 3545] <... openat resumed>) = 4 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3545] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 288] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3550] <... openat resumed>) = 4 [pid 3545] <... futex resumed>) = 1 [pid 3542] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3555 [pid 3550] ioctl(4, LOOP_SET_FD, 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3545] write(4, "#! \n", 4 [pid 3542] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3545] <... write resumed>) = 4 [pid 3542] <... futex resumed>) = 0 [pid 3545] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3542] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3555 attached [pid 3555] set_robust_list(0x555594a056a0, 24 [pid 3542] <... futex resumed>) = 0 [pid 3545] <... futex resumed>) = 0 [pid 3545] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3555] <... set_robust_list resumed>) = 0 [pid 3542] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3542] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3555] chdir("./106" [pid 3542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3555] <... chdir resumed>) = 0 [pid 3542] <... clone3 resumed> => {parent_tid=[3557]}, 88) = 3557 [pid 3542] rt_sigprocmask(SIG_SETMASK, [], [pid 3555] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3555] <... prctl resumed>) = 0 [pid 3542] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3542] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3555] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 3557 attached [pid 3555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3557] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3557] rt_sigprocmask(SIG_SETMASK, [], [pid 3550] <... ioctl resumed>) = 0 [pid 3557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3557] write(4, "#! \n", 4) = 4 [pid 3550] close(3 [pid 3557] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3555] <... openat resumed>) = 3 [pid 3550] <... close resumed>) = 0 [pid 3542] <... futex resumed>) = 0 [pid 3550] close(4 [pid 3542] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3557] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3555] write(3, "1000", 4 [pid 3545] <... futex resumed>) = 0 [pid 3555] <... write resumed>) = 4 [pid 3542] <... futex resumed>) = 1 [pid 3545] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3542] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3555] close(3) = 0 [pid 3555] symlink("/dev/binderfs", "./binderfs" [pid 3545] <... mmap resumed>) = 0x200000000000 [pid 3545] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3542] <... futex resumed>) = 0 [pid 3555] <... symlink resumed>) = 0 [pid 3545] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3542] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3542] <... futex resumed>) = 0 [pid 3555] write(1, "executing program\n", 18executing program ) = 18 [pid 3555] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3555] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3555] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3558]}, 88) = 3558 [pid 3555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3555] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3555] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3542] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3558 attached [pid 3558] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3558] memfd_create("syzkaller", 0) = 3 [pid 3558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3558] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3558] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3557] <... futex resumed>) = ? [pid 3542] <... futex resumed>) = ? [ 74.650017][ T3532] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3557] +++ killed by SIGBUS +++ [pid 3545] +++ killed by SIGBUS +++ [pid 3542] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3542, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3547] <... mount resumed>) = 0 [pid 289] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3547] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3547] <... openat resumed>) = 3 [pid 289] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3547] chdir("./file2") = 0 [pid 3547] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3558] <... openat resumed>) = 4 [pid 3550] <... close resumed>) = 0 [pid 3547] <... openat resumed>) = 4 [pid 3558] ioctl(4, LOOP_SET_FD, 3 [pid 3550] mkdir("./file2", 0777 [pid 3547] ioctl(4, LOOP_CLR_FD [pid 3550] <... mkdir resumed>) = 0 [pid 3550] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3558] <... ioctl resumed>) = 0 [pid 3558] close(3) = 0 [ 74.686389][ T3545] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3558] close(4 [pid 3547] <... ioctl resumed>) = 0 [pid 3547] close(4 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./104/file2") = 0 [pid 288] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./104/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./104") = 0 [pid 288] mkdir("./105", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3550] <... mount resumed>) = 0 [pid 3550] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3550] chdir("./file2") = 0 [pid 3550] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3558] <... close resumed>) = 0 [pid 3558] mkdir("./file2", 0777 [pid 289] <... umount2 resumed>) = 0 [pid 3558] <... mkdir resumed>) = 0 [pid 3558] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... openat resumed>) = 3 [pid 3547] <... close resumed>) = 0 [pid 3547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] ioctl(3, LOOP_CLR_FD [pid 3547] <... futex resumed>) = 1 [pid 3541] <... futex resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3547] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3541] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./105/file2", [pid 288] close(3 [pid 3550] <... openat resumed>) = 4 [pid 3547] <... openat resumed>) = 4 [pid 3541] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... close resumed>) = 0 [pid 3550] ioctl(4, LOOP_CLR_FD [pid 3547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3547] <... futex resumed>) = 0 [pid 3541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 3564 attached [pid 3550] <... ioctl resumed>) = 0 [pid 3547] write(4, "#! \n", 4 [pid 3541] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3550] close(4 [pid 289] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3564 [pid 3550] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 4 [pid 3550] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(4, "", [pid 3550] <... futex resumed>) = 1 [pid 3548] <... futex resumed>) = 0 [pid 3547] <... write resumed>) = 4 [pid 3541] <... futex resumed>) = 0 [pid 3550] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3548] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3548] <... futex resumed>) = 0 [pid 3547] <... futex resumed>) = 0 [pid 3541] <... futex resumed>) = 0 [pid 3550] <... openat resumed>) = 4 [pid 3548] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] getdents64(4, [pid 3541] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3541] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3550] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3550] <... futex resumed>) = 1 [pid 3548] <... futex resumed>) = 0 [pid 3541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3548] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] getdents64(4, [pid 3550] write(4, "#! \n", 4 [pid 3548] <... futex resumed>) = 0 [pid 3550] <... write resumed>) = 4 [pid 3548] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3541] <... clone3 resumed> => {parent_tid=[3566]}, 88) = 3566 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3550] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3548] <... futex resumed>) = 0 [pid 3541] rt_sigprocmask(SIG_SETMASK, [], [pid 289] close(4 [pid 3548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3550] <... futex resumed>) = 0 [pid 3548] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3541] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 3550] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3548] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3541] <... futex resumed>) = 0 [pid 3548] <... mprotect resumed>) = 0 [pid 3541] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] rmdir("./105/file2" [pid 3548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] <... rmdir resumed>) = 0 [pid 3548] <... clone3 resumed> => {parent_tid=[3567]}, 88) = 3567 [pid 3548] rt_sigprocmask(SIG_SETMASK, [], [pid 289] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3548] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3548] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./105/binderfs", [pid 3548] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./105/binderfs"./strace-static-x86_64: Process 3567 attached ) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./105" [pid 3567] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 289] mkdir("./106", 0777 [pid 3567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3567] write(4, "#! \n", 4 [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 3567] <... write resumed>) = 4 [pid 3567] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3548] <... futex resumed>) = 0 [pid 3548] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3550] <... futex resumed>) = 0 [pid 3548] <... futex resumed>) = 1 [pid 3550] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3548] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3550] <... mmap resumed>) = 0x200000000000 [pid 3550] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3548] <... futex resumed>) = 0 [pid 3550] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3548] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3548] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3566 attached [pid 3567] <... futex resumed>) = 1 [pid 3564] set_robust_list(0x555594a056a0, 24 [pid 289] <... close resumed>) = 0 [pid 3564] <... set_robust_list resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3564] chdir("./105") = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3568 [pid 3564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3564] setpgid(0, 0) = 0 [pid 3564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3564] write(3, "1000", 4) = 4 [pid 3564] close(3executing program ) = 0 [pid 3564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3564] write(1, "executing program\n", 18) = 18 [pid 3564] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3564] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3548] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3564] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3570]}, 88) = 3570 [pid 3564] rt_sigprocmask(SIG_SETMASK, [], [pid 3567] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3566] set_robust_list(0x7f0aeccae9a0, 24 [pid 3564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3566] <... set_robust_list resumed>) = 0 [pid 3564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3566] rt_sigprocmask(SIG_SETMASK, [], [pid 3564] <... futex resumed>) = 0 [pid 3566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3566] write(4, "#! \n", 4) = 4 ./strace-static-x86_64: Process 3570 attached ./strace-static-x86_64: Process 3568 attached [pid 3566] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3570] set_robust_list(0x7f0aecccf9a0, 24 [pid 3568] set_robust_list(0x555594a056a0, 24 [pid 3570] <... set_robust_list resumed>) = 0 [pid 3568] <... set_robust_list resumed>) = 0 [pid 3548] <... futex resumed>) = ? [pid 3570] rt_sigprocmask(SIG_SETMASK, [], [pid 3568] chdir("./106" [pid 3570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3568] <... chdir resumed>) = 0 [pid 3567] <... futex resumed>) = ? [pid 3566] <... futex resumed>) = 1 [pid 3558] <... mount resumed>) = 0 [pid 3541] <... futex resumed>) = 0 [pid 3570] memfd_create("syzkaller", 0 [pid 3568] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3558] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3541] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3570] <... memfd_create resumed>) = 3 [pid 3568] <... prctl resumed>) = 0 [pid 3567] +++ killed by SIGBUS +++ [pid 3566] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3558] <... openat resumed>) = 3 [pid 3570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3568] setpgid(0, 0 [pid 3558] chdir("./file2" [pid 3547] <... futex resumed>) = 0 [pid 3541] <... futex resumed>) = 1 [pid 3570] <... mmap resumed>) = 0x7f0ae48af000 [pid 3568] <... setpgid resumed>) = 0 [pid 3558] <... chdir resumed>) = 0 [pid 3550] +++ killed by SIGBUS +++ [pid 3548] +++ killed by SIGBUS +++ [pid 3547] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3541] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3558] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3547] <... mmap resumed>) = 0x200000000000 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3548, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 3558] <... openat resumed>) = 4 [pid 3547] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3558] ioctl(4, LOOP_CLR_FD [pid 3547] <... futex resumed>) = 1 [pid 3541] <... futex resumed>) = 0 [pid 3568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3558] <... ioctl resumed>) = 0 [pid 3547] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3541] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 3568] <... openat resumed>) = 3 [pid 3558] close(4 [pid 3547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3541] <... futex resumed>) = 0 [pid 3570] <... write resumed>) = 524288 [pid 3568] write(3, "1000", 4 [pid 3558] <... close resumed>) = 0 [pid 3570] munmap(0x7f0ae48af000, 138412032 [pid 3568] <... write resumed>) = 4 [pid 3570] <... munmap resumed>) = 0 [pid 3568] close(3 [pid 3570] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3568] <... close resumed>) = 0 [pid 3570] <... openat resumed>) = 4 [pid 3568] symlink("/dev/binderfs", "./binderfs" [pid 3570] ioctl(4, LOOP_SET_FD, 3 [pid 3568] <... symlink resumed>) = 0 [pid 3568] write(1, "executing program\n", 18) = 18 [pid 3568] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3568] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3568] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3572]}, 88) = 3572 [pid 3568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 3568] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3568] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3541] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3558] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3558] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3570] <... ioctl resumed>) = 0 [pid 3570] close(3) = 0 [pid 3570] close(4./strace-static-x86_64: Process 3572 attached [pid 3572] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3572] memfd_create("syzkaller", 0) = 3 [pid 3572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3572] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3572] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3555] <... futex resumed>) = 0 [pid 3555] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3558] <... futex resumed>) = 0 [pid 3555] <... futex resumed>) = 1 [pid 3558] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3555] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3558] <... openat resumed>) = 4 [pid 3558] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3555] <... futex resumed>) = 0 [pid 3558] write(4, "#! \n", 4 [pid 3555] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3558] <... write resumed>) = 4 [pid 3555] <... futex resumed>) = 0 [pid 3558] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3555] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3558] <... futex resumed>) = 0 [pid 3555] <... futex resumed>) = 0 [pid 3558] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3555] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3573]}, 88) = 3573 [pid 3555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3555] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3555] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3573 attached [pid 3573] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3573] write(4, "#! \n", 4) = 4 [pid 3573] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3555] <... futex resumed>) = 0 [pid 3555] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3558] <... futex resumed>) = 0 [pid 3555] <... futex resumed>) = 1 [pid 3558] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3555] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3558] <... mmap resumed>) = 0x200000000000 [pid 3558] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3555] <... futex resumed>) = 0 [pid 3573] <... futex resumed>) = 1 [pid 3555] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3547] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3566] <... futex resumed>) = ? [pid 3541] <... futex resumed>) = ? [pid 3573] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3566] +++ killed by SIGBUS +++ [pid 3547] +++ killed by SIGBUS +++ [pid 3541] +++ killed by SIGBUS +++ [pid 3555] <... futex resumed>) = 0 [pid 3555] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 74.817357][ T3550] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 74.844037][ T3547] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3570] <... close resumed>) = 0 [pid 3573] <... futex resumed>) = ? [pid 3555] <... futex resumed>) = ? [pid 3573] +++ killed by SIGBUS +++ [pid 3558] +++ killed by SIGBUS +++ [pid 3555] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3555, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3570] mkdir("./file2", 0777) = 0 [pid 3570] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3572] <... openat resumed>) = 4 [pid 3572] ioctl(4, LOOP_SET_FD, 3 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 74.858227][ T3558] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3572] <... ioctl resumed>) = 0 [pid 3572] close(3) = 0 [pid 3572] close(4 [pid 3570] <... mount resumed>) = 0 [pid 3570] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3570] chdir("./file2") = 0 [pid 3570] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3572] <... close resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3572] mkdir("./file2", 0777 [pid 290] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3572] <... mkdir resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3572] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./109/file2", [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] newfstatat(AT_FDCWD, "./106/file2", [pid 290] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3570] <... openat resumed>) = 4 [pid 291] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3570] ioctl(4, LOOP_CLR_FD [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3570] <... ioctl resumed>) = 0 [pid 291] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3570] close(4 [pid 291] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 4 [pid 287] newfstatat(AT_FDCWD, "./112/file2", [pid 3570] <... close resumed>) = 0 [pid 291] newfstatat(4, "", [pid 290] newfstatat(4, "", [pid 3570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3570] <... futex resumed>) = 1 [pid 3564] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3564] <... futex resumed>) = 0 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3570] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] getdents64(4, [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] getdents64(4, [pid 3570] <... openat resumed>) = 4 [pid 291] close(4 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... openat resumed>) = 4 [pid 3570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... close resumed>) = 0 [pid 290] close(4 [pid 287] newfstatat(4, "", [pid 3564] <... futex resumed>) = 0 [pid 291] rmdir("./106/file2" [pid 290] <... close resumed>) = 0 [pid 3564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3570] <... futex resumed>) = 1 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... rmdir resumed>) = 0 [pid 3564] <... futex resumed>) = 0 [pid 3564] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] rmdir("./109/file2" [pid 3570] write(4, "#! \n", 4 [pid 3564] <... futex resumed>) = 0 [pid 291] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] getdents64(4, [pid 290] <... rmdir resumed>) = 0 [pid 3564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3564] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] newfstatat(AT_FDCWD, "./106/binderfs", [pid 3564] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3570] <... write resumed>) = 4 [pid 3564] <... mprotect resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3564] rt_sigprocmask(SIG_BLOCK, ~[], [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] newfstatat(AT_FDCWD, "./109/binderfs", [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3570] <... futex resumed>) = 0 [pid 3564] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] unlink("./106/binderfs" [pid 290] unlink("./109/binderfs" [pid 287] getdents64(4, [pid 290] <... unlink resumed>) = 0 [pid 3564] <... clone3 resumed> => {parent_tid=[3579]}, 88) = 3579 [pid 291] <... unlink resumed>) = 0 [pid 290] getdents64(3, [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3564] rt_sigprocmask(SIG_SETMASK, [], [pid 291] getdents64(3, [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 290] close(3 [pid 3564] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 287] <... close resumed>) = 0 [pid 3564] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 287] rmdir("./112/file2" [pid 3564] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rmdir("./106" [pid 290] rmdir("./109") = 0 [pid 291] <... rmdir resumed>) = 0 [pid 290] mkdir("./110", 0777 [pid 291] mkdir("./107", 0777 [pid 287] <... rmdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 287] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... openat resumed>) = 3 [pid 291] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] newfstatat(AT_FDCWD, "./112/binderfs", [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3 [pid 290] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 287] unlink("./112/binderfs" [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... unlink resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3580 [pid 287] getdents64(3, [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3581 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./112"./strace-static-x86_64: Process 3579 attached [pid 3572] <... mount resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 3580 attached [pid 3579] set_robust_list(0x7f0aeccae9a0, 24 [pid 3572] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 287] mkdir("./113", 0777 [pid 3580] set_robust_list(0x555594a056a0, 24 [pid 3579] <... set_robust_list resumed>) = 0 [pid 3572] <... openat resumed>) = 3 [pid 3572] chdir("./file2"./strace-static-x86_64: Process 3581 attached [pid 3580] <... set_robust_list resumed>) = 0 [pid 3579] rt_sigprocmask(SIG_SETMASK, [], [pid 3572] <... chdir resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 3581] set_robust_list(0x555594a056a0, 24 [pid 3580] chdir("./110" [pid 3579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3572] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3581] <... set_robust_list resumed>) = 0 [pid 3580] <... chdir resumed>) = 0 [pid 3579] write(4, "#! \n", 4 [pid 3572] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 3581] chdir("./107" [pid 3580] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3579] <... write resumed>) = 4 [pid 3572] ioctl(4, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 3581] <... chdir resumed>) = 0 [pid 3580] <... prctl resumed>) = 0 [pid 3579] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3572] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3581] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3580] setpgid(0, 0 [pid 3579] <... futex resumed>) = 1 [pid 3572] close(4 [pid 3564] <... futex resumed>) = 0 [pid 287] close(3 [pid 3581] <... prctl resumed>) = 0 [pid 3580] <... setpgid resumed>) = 0 [pid 3579] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3572] <... close resumed>) = 0 [pid 3564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... close resumed>) = 0 [pid 3580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3572] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3570] <... futex resumed>) = 0 [pid 3564] <... futex resumed>) = 1 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3580] <... openat resumed>) = 3 [pid 3572] <... futex resumed>) = 1 [pid 3570] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3568] <... futex resumed>) = 0 [pid 3564] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3572] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3568] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] write(3, "1000", 4 [pid 3572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3570] <... mmap resumed>) = 0x200000000000 [pid 3568] <... futex resumed>) = 0 [pid 3581] setpgid(0, 0 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3582 [pid 3580] <... write resumed>) = 4 [pid 3572] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3570] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3568] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3581] <... setpgid resumed>) = 0 [pid 3580] close(3 [pid 3572] <... openat resumed>) = 4 [pid 3570] <... futex resumed>) = 1 [pid 3564] <... futex resumed>) = 0 [pid 3580] <... close resumed>) = 0 [pid 3572] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3570] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3564] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3580] symlink("/dev/binderfs", "./binderfs" [pid 3572] <... futex resumed>) = 1 [pid 3570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3568] <... futex resumed>) = 0 [pid 3564] <... futex resumed>) = 0 [pid 3580] <... symlink resumed>) = 0 [pid 3572] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3568] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3568] <... futex resumed>) = 0 [pid 3572] write(4, "#! \n", 4 [pid 3568] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3572] <... write resumed>) = 4 [pid 3568] <... futex resumed>) = 0 [pid 3572] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3572] <... futex resumed>) = 0 [pid 3568] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3572] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3568] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3583]}, 88) = 3583 [pid 3568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3568] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3568] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3582 attached [pid 3582] set_robust_list(0x555594a056a0, 24) = 0 [pid 3582] chdir("./113") = 0 [pid 3582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3582] setpgid(0, 0) = 0 [pid 3582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3582] write(3, "1000", 4) = 4 [pid 3582] close(3) = 0 [pid 3582] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 3582] write(1, "executing program\n", 18) = 18 [pid 3582] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3582] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3582] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3584]}, 88) = 3584 [pid 3582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3582] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3582] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3583 attached [pid 3583] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3583] write(4, "#! \n", 4) = 4 [pid 3583] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3568] <... futex resumed>) = 0 [pid 3568] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3572] <... futex resumed>) = 0 [pid 3568] <... futex resumed>) = 1 [pid 3572] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3568] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3572] <... mmap resumed>) = 0x200000000000 [pid 3572] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3568] <... futex resumed>) = 0 [pid 3572] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3568] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program [pid 3568] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3584 attached [pid 3583] <... futex resumed>) = 1 [pid 3581] <... openat resumed>) = 3 [pid 3580] write(1, "executing program\n", 18 [pid 3570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3564] write(1, "executing program\n", 18 [pid 3584] set_robust_list(0x7f0aecccf9a0, 24 [pid 3583] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3581] write(3, "1000", 4 [pid 3580] <... write resumed>) = 18 [pid 3579] <... futex resumed>) = ? [pid 3584] <... set_robust_list resumed>) = 0 [pid 3581] <... write resumed>) = 4 [pid 3580] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3579] +++ killed by SIGBUS +++ [pid 3584] rt_sigprocmask(SIG_SETMASK, [], [pid 3581] close(3 [pid 3580] <... futex resumed>) = 0 [pid 3570] +++ killed by SIGBUS +++ [pid 3564] +++ killed by SIGBUS +++ [pid 3584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3581] <... close resumed>) = 0 [pid 3580] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3584] memfd_create("syzkaller", 0 [pid 3581] symlink("/dev/binderfs", "./binderfs" [pid 3580] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3584] <... memfd_create resumed>) = 3 [pid 3581] <... symlink resumed>) = 0 executing program [pid 3580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3581] write(1, "executing program\n", 18 [pid 3580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3584] <... mmap resumed>) = 0x7f0ae48af000 [pid 3581] <... write resumed>) = 18 [pid 3580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3581] <... futex resumed>) = 0 [pid 3580] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3581] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3580] <... mprotect resumed>) = 0 [pid 3581] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3572] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3568] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3583] <... futex resumed>) = ? [pid 3581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3580] <... clone3 resumed> => {parent_tid=[3585]}, 88) = 3585 [pid 3581] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3580] rt_sigprocmask(SIG_SETMASK, [], [pid 3581] <... mprotect resumed>) = 0 [pid 3580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3581] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3580] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3581] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3580] <... futex resumed>) = 0 [pid 3581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3580] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3581] <... clone3 resumed> => {parent_tid=[3586]}, 88) = 3586 [pid 3581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3568] <... futex resumed>) = ? [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3583] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3586 attached ./strace-static-x86_64: Process 3585 attached [pid 3572] +++ killed by SIGBUS +++ [pid 3568] +++ killed by SIGBUS +++ [pid 288] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3568, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3586] set_robust_list(0x7f0aecccf9a0, 24 [pid 3585] set_robust_list(0x7f0aecccf9a0, 24 [pid 3584] <... write resumed>) = 524288 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3584] munmap(0x7f0ae48af000, 138412032) = 0 [pid 288] <... openat resumed>) = 3 [pid 3586] <... set_robust_list resumed>) = 0 [pid 3585] <... set_robust_list resumed>) = 0 [pid 288] newfstatat(3, "", [pid 3584] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3584] <... openat resumed>) = 4 [pid 288] getdents64(3, [pid 3584] ioctl(4, LOOP_SET_FD, 3 [pid 3586] rt_sigprocmask(SIG_SETMASK, [], [pid 3585] rt_sigprocmask(SIG_SETMASK, [], [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3586] memfd_create("syzkaller", 0 [pid 3585] memfd_create("syzkaller", 0 [pid 3584] <... ioctl resumed>) = 0 [pid 3585] <... memfd_create resumed>) = 3 [pid 3585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3586] <... memfd_create resumed>) = 3 [pid 3584] close(3 [pid 3586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3584] <... close resumed>) = 0 [pid 3586] <... mmap resumed>) = 0x7f0ae48af000 [pid 3584] close(4 [pid 3585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3585] <... write resumed>) = 524288 [pid 3585] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3585] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3586] <... write resumed>) = 524288 [pid 3586] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3586] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./105/file2") = 0 [pid 288] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./105/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./105") = 0 [pid 288] mkdir("./106", 0777) = 0 [ 75.041830][ T3570] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 75.052516][ T3572] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3585] <... openat resumed>) = 4 [pid 3585] ioctl(4, LOOP_SET_FD, 3 [pid 3586] <... openat resumed>) = 4 [pid 3586] ioctl(4, LOOP_SET_FD, 3 [pid 3584] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 3584] mkdir("./file2", 0777 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3584] <... mkdir resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3584] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... umount2 resumed>) = 0 [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3588 ./strace-static-x86_64: Process 3588 attached [pid 3588] set_robust_list(0x555594a056a0, 24) = 0 [pid 3588] chdir("./106") = 0 [pid 3588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3588] setpgid(0, 0) = 0 [pid 3588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3588] write(3, "1000", 4) = 4 [pid 3588] close(3) = 0 [pid 3588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3588] write(1, "executing program\n", 18executing program ) = 18 [pid 3588] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3588] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3588] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 289] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3588] <... mprotect resumed>) = 0 [pid 3588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3589]}, 88) = 3589 [pid 3588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./106/file2", [pid 3588] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3588] <... futex resumed>) = 0 [pid 3588] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3589 attached [pid 289] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3589] set_robust_list(0x7f0aecccf9a0, 24 [pid 289] getdents64(4, [pid 3589] <... set_robust_list resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3585] <... ioctl resumed>) = 0 [pid 3589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3589] memfd_create("syzkaller", 0) = 3 [pid 3589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3585] close(3 [pid 3584] <... mount resumed>) = 0 [pid 289] close(4 [pid 3584] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3585] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3584] <... openat resumed>) = 3 [pid 289] rmdir("./106/file2" [pid 3585] close(4 [pid 3584] chdir("./file2") = 0 [pid 3584] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./106/binderfs") = 0 [pid 3586] <... ioctl resumed>) = 0 [pid 3585] <... close resumed>) = 0 [pid 3584] <... openat resumed>) = 4 [pid 3585] mkdir("./file2", 0777 [pid 3584] ioctl(4, LOOP_CLR_FD [pid 3585] <... mkdir resumed>) = 0 [pid 3584] <... ioctl resumed>) = 0 [pid 3585] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3584] close(4) = 0 [pid 3584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3582] <... futex resumed>) = 0 [pid 3584] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3582] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3586] close(3 [pid 3582] <... futex resumed>) = 0 [pid 289] getdents64(3, [pid 3584] <... openat resumed>) = 4 [pid 3582] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3582] <... futex resumed>) = 0 [pid 3584] write(4, "#! \n", 4 [pid 3582] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... write resumed>) = 4 [pid 3582] <... futex resumed>) = 0 [pid 3584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3582] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... futex resumed>) = 0 [pid 3582] <... futex resumed>) = 0 [pid 3584] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3586] <... close resumed>) = 0 [pid 3582] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3586] close(4 [pid 289] close(3 [pid 3586] <... close resumed>) = 0 [pid 3586] mkdir("./file2", 0777 [pid 289] <... close resumed>) = 0 [pid 3582] <... mprotect resumed>) = 0 [pid 289] rmdir("./106" [pid 3582] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3586] <... mkdir resumed>) = 0 [pid 3582] <... rt_sigprocmask resumed>[], 8) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 3589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3586] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] mkdir("./107", 0777 [pid 3582] <... clone3 resumed> => {parent_tid=[3594]}, 88) = 3594 [pid 3582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3582] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3582] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3594 attached [pid 3594] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3594] write(4, "#! \n", 4 [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3594] <... write resumed>) = 4 [pid 3594] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3582] <... futex resumed>) = 0 [pid 3594] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3582] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3584] <... futex resumed>) = 0 [pid 3582] <... futex resumed>) = 1 [pid 3584] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3582] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3584] <... mmap resumed>) = 0x200000000000 [pid 3584] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3582] <... futex resumed>) = 0 [pid 3589] <... write resumed>) = 524288 [pid 3582] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3589] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3585] <... mount resumed>) = 0 [pid 3585] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3585] chdir("./file2") = 0 [pid 3585] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3582] <... futex resumed>) = 0 [pid 3582] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3584] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3594] <... futex resumed>) = ? [pid 3582] <... futex resumed>) = ? [pid 3594] +++ killed by SIGBUS +++ [pid 3584] +++ killed by SIGBUS +++ [pid 3582] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3582, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... openat resumed>) = 3 [pid 3589] <... openat resumed>) = 4 [pid 3585] <... openat resumed>) = 4 [pid 289] ioctl(3, LOOP_CLR_FD [pid 3585] ioctl(4, LOOP_CLR_FD [pid 3589] ioctl(4, LOOP_SET_FD, 3 [pid 3586] <... mount resumed>) = 0 [pid 3586] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3586] chdir("./file2") = 0 [ 75.218807][ T3584] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3586] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3585] <... ioctl resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... umount2 resumed>) = 0 [pid 3589] <... ioctl resumed>) = 0 [pid 3589] close(3 [pid 3586] <... openat resumed>) = 4 [pid 3585] close(4 [pid 289] close(3 [pid 287] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3586] ioctl(4, LOOP_CLR_FD) = 0 [pid 3586] close(4 [pid 3589] <... close resumed>) = 0 [pid 3586] <... close resumed>) = 0 [pid 3585] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3589] close(4) = 0 [pid 3586] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] newfstatat(AT_FDCWD, "./113/file2", [pid 3586] <... futex resumed>) = 1 [pid 3581] <... futex resumed>) = 0 [pid 3586] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3586] <... openat resumed>) = 4 [pid 3581] <... futex resumed>) = 0 [pid 3586] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3586] <... futex resumed>) = 0 [pid 3581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3586] write(4, "#! \n", 4 [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] mkdir("./file2", 0777 [pid 3586] <... write resumed>) = 4 [pid 3585] <... futex resumed>) = 1 [pid 3581] <... futex resumed>) = 0 [pid 3580] <... futex resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3600 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3586] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3586] <... futex resumed>) = 0 [pid 3581] <... futex resumed>) = 0 [pid 3580] <... futex resumed>) = 0 [pid 3589] <... mkdir resumed>) = 0 [pid 3586] write(4, "#! \n", 4 [pid 3585] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3580] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3589] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3586] <... write resumed>) = 4 [pid 3585] <... openat resumed>) = 4 [pid 3586] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3586] <... futex resumed>) = 1 [pid 3585] <... futex resumed>) = 1 [pid 3581] <... futex resumed>) = 0 [pid 3580] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3586] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3585] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3581] <... futex resumed>) = 0 [pid 3580] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 3586] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3585] write(4, "#! \n", 4 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3580] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(4, "", [pid 3586] <... mmap resumed>) = 0x200000000000 [pid 3585] <... write resumed>) = 4 [pid 3580] <... futex resumed>) = 0 [pid 3586] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3586] <... futex resumed>) = 1 [pid 3585] <... futex resumed>) = 0 [pid 3581] <... futex resumed>) = 0 [pid 3580] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3586] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3585] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3581] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3580] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] getdents64(4, [pid 3586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3581] <... futex resumed>) = 0 [pid 3580] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 3600 attached [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3600] set_robust_list(0x555594a056a0, 24 [pid 287] getdents64(4, [pid 3600] <... set_robust_list resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3600] chdir("./107" [pid 287] close(4 [pid 3600] <... chdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3600] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] rmdir("./113/file2" [pid 3600] <... prctl resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3600] setpgid(0, 0 [pid 287] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3600] <... setpgid resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] newfstatat(AT_FDCWD, "./113/binderfs", [pid 3600] <... openat resumed>) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3600] write(3, "1000", 4 [pid 287] unlink("./113/binderfs" [pid 3600] <... write resumed>) = 4 [pid 287] <... unlink resumed>) = 0 [pid 3600] close(3 [pid 287] getdents64(3, [pid 3600] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3600] symlink("/dev/binderfs", "./binderfs" executing program [pid 287] close(3 [pid 3600] <... symlink resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 3600] write(1, "executing program\n", 18 [pid 287] rmdir("./113" [pid 3600] <... write resumed>) = 18 [pid 287] <... rmdir resumed>) = 0 [pid 3600] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] mkdir("./114", 0777 [pid 3600] <... futex resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 3600] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3600] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3581] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... openat resumed>) = 3 [pid 3600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 3600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] close(3./strace-static-x86_64: Process 3603 attached [pid 3600] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3580] <... clone3 resumed> => {parent_tid=[3603]}, 88) = 3603 [pid 287] <... close resumed>) = 0 [pid 3600] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3600] <... mprotect resumed>) = 0 [pid 3600] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3605 [pid 3600] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3580] rt_sigprocmask(SIG_SETMASK, [], [pid 3603] set_robust_list(0x7f0aeccae9a0, 24 [pid 3600] <... clone3 resumed> => {parent_tid=[3606]}, 88) = 3606 [pid 3580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3600] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 3606 attached ./strace-static-x86_64: Process 3605 attached [pid 3603] <... set_robust_list resumed>) = 0 [pid 3600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3586] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3580] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3606] set_robust_list(0x7f0aecccf9a0, 24 [pid 3605] set_robust_list(0x555594a056a0, 24 [pid 3603] rt_sigprocmask(SIG_SETMASK, [], [pid 3581] <... futex resumed>) = ? [pid 3580] <... futex resumed>) = 0 [pid 3606] <... set_robust_list resumed>) = 0 [pid 3605] <... set_robust_list resumed>) = 0 [pid 3603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3600] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... mount resumed>) = 0 [pid 3580] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3606] rt_sigprocmask(SIG_SETMASK, [], [pid 3605] chdir("./114" [pid 3603] write(4, "#! \n", 4 [pid 3600] <... futex resumed>) = 0 [pid 3589] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3605] <... chdir resumed>) = 0 [pid 3603] <... write resumed>) = 4 [pid 3600] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3589] <... openat resumed>) = 3 [pid 3606] memfd_create("syzkaller", 0 [pid 3603] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] chdir("./file2" [pid 3606] <... memfd_create resumed>) = 3 [pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3603] <... futex resumed>) = 1 [pid 3589] <... chdir resumed>) = 0 [pid 3580] <... futex resumed>) = 0 [pid 3606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3605] <... prctl resumed>) = 0 [pid 3603] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3589] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3580] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3606] <... mmap resumed>) = 0x7f0ae48af000 [pid 3605] setpgid(0, 0 [pid 3589] <... openat resumed>) = 4 [pid 3580] <... futex resumed>) = 1 [pid 3589] ioctl(4, LOOP_CLR_FD [pid 3585] <... futex resumed>) = 0 [pid 3580] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... setpgid resumed>) = 0 [pid 3589] <... ioctl resumed>) = 0 [pid 3585] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3589] close(4 [pid 3606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3589] <... close resumed>) = 0 [pid 3586] +++ killed by SIGBUS +++ [pid 3585] <... mmap resumed>) = 0x200000000000 [pid 3581] +++ killed by SIGBUS +++ [pid 3606] <... write resumed>) = 524288 [pid 3605] <... openat resumed>) = 3 [pid 3589] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3605] write(3, "1000", 4 [pid 3589] <... futex resumed>) = 1 [pid 3588] <... futex resumed>) = 0 [pid 3585] <... futex resumed>) = 1 [pid 3580] <... futex resumed>) = 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3581, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 3605] <... write resumed>) = 4 [pid 3589] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3588] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3585] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3580] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3605] close(3 [pid 3589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3588] <... futex resumed>) = 0 [pid 3585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3580] <... futex resumed>) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 3606] munmap(0x7f0ae48af000, 138412032 [pid 3605] <... close resumed>) = 0 [pid 3589] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3588] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3589] <... openat resumed>) = 4 [pid 3589] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3589] <... futex resumed>) = 1 [pid 3588] <... futex resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3589] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3588] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3606] <... munmap resumed>) = 0 [pid 3589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3588] <... futex resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 3606] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3589] write(4, "#! \n", 4 [pid 3588] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(3, "", [pid 3606] <... openat resumed>) = 4 [pid 3589] <... write resumed>) = 4 [pid 3588] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3606] ioctl(4, LOOP_SET_FD, 3 [pid 3589] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] getdents64(3, [pid 3589] <... futex resumed>) = 0 [pid 3588] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3589] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3588] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 291] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3588] <... mprotect resumed>) = 0 [pid 3588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3607]}, 88) = 3607 [pid 3588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3588] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3588] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3607 attached [pid 3607] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3607] write(4, "#! \n", 4) = 4 [pid 3607] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3588] <... futex resumed>) = 0 [pid 3588] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... futex resumed>) = 0 [pid 3588] <... futex resumed>) = 1 [pid 3589] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3588] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3589] <... mmap resumed>) = 0x200000000000 [pid 3589] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3588] <... futex resumed>) = 0 [pid 3589] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3588] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3588] <... futex resumed>) = 0 [pid 3607] <... futex resumed>) = 1 [pid 3605] symlink("/dev/binderfs", "./binderfs"executing program [pid 3585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3580] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... symlink resumed>) = 0 [ 75.315448][ T3586] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 75.348429][ T3585] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3605] write(1, "executing program\n", 18) = 18 [pid 3605] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3605] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3605] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3605] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3605] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3609]}, 88) = 3609 [pid 3605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3603] <... futex resumed>) = ? [pid 3580] <... futex resumed>) = ? [pid 3607] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3603] +++ killed by SIGBUS +++ [pid 3585] +++ killed by SIGBUS +++ [pid 3580] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3580, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3588] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3609 attached [pid 3609] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3609] memfd_create("syzkaller", 0) = 3 [pid 3609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3609] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3609] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3606] <... ioctl resumed>) = 0 [pid 3606] close(3) = 0 [pid 3606] close(4 [pid 3609] <... openat resumed>) = 4 [pid 3589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3606] <... close resumed>) = 0 [pid 3606] mkdir("./file2", 0777) = 0 [pid 3606] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3609] ioctl(4, LOOP_SET_FD, 3 [pid 3607] <... futex resumed>) = ? [pid 3588] <... futex resumed>) = ? [pid 3607] +++ killed by SIGBUS +++ [pid 3589] +++ killed by SIGBUS +++ [pid 3588] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3588, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./107/file2") = 0 [pid 291] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./107/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3executing program ) = 0 [pid 291] rmdir("./107") = 0 [pid 291] mkdir("./108", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3610 ./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x555594a056a0, 24) = 0 [pid 3610] chdir("./108") = 0 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3610] write(1, "executing program\n", 18) = 18 [pid 3610] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3610] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3610] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3610] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3611]}, 88) = 3611 [pid 3610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3611] memfd_create("syzkaller", 0) = 3 [pid 3611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3611] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3611] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3611] close(3) = 0 [pid 3611] close(4 [pid 3609] <... ioctl resumed>) = 0 [pid 3609] close(3) = 0 [ 75.354626][ T3589] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3609] close(4 [pid 3606] <... mount resumed>) = 0 [pid 3606] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3606] chdir("./file2") = 0 [pid 3606] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3611] <... close resumed>) = 0 [pid 3611] mkdir("./file2", 0777) = 0 [pid 3611] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3609] <... close resumed>) = 0 [pid 3609] mkdir("./file2", 0777) = 0 [pid 3609] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./110/file2", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./106/file2", [pid 290] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 290] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 290] getdents64(4, [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 290] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] <... close resumed>) = 0 [pid 288] close(4 [pid 290] rmdir("./110/file2" [pid 288] <... close resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 288] rmdir("./106/file2" [pid 290] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] newfstatat(AT_FDCWD, "./110/binderfs", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./106/binderfs", [pid 290] unlink("./110/binderfs" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] <... unlink resumed>) = 0 [pid 288] unlink("./106/binderfs" [pid 290] getdents64(3, [pid 288] <... unlink resumed>) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] getdents64(3, [pid 290] close(3 [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] <... close resumed>) = 0 [pid 288] close(3 [pid 290] rmdir("./110" [pid 288] <... close resumed>) = 0 [pid 290] <... rmdir resumed>) = 0 [pid 288] rmdir("./106" [pid 290] mkdir("./111", 0777 [pid 288] <... rmdir resumed>) = 0 [pid 3606] <... openat resumed>) = 4 [pid 290] <... mkdir resumed>) = 0 [pid 288] mkdir("./107", 0777 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... mkdir resumed>) = 0 [pid 290] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 290] ioctl(3, LOOP_CLR_FD [pid 288] <... openat resumed>) = 3 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] ioctl(3, LOOP_CLR_FD [pid 290] close(3 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3606] ioctl(4, LOOP_CLR_FD [pid 290] <... close resumed>) = 0 [pid 288] close(3 [pid 3606] <... ioctl resumed>) = 0 [pid 3606] close(4 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... close resumed>) = 0 [pid 3606] <... close resumed>) = 0 [pid 3606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3600] <... futex resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3600] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3600] <... futex resumed>) = 0 [pid 3606] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3600] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3609] <... mount resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3618 [pid 3609] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3606] <... openat resumed>) = 4 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3620 [pid 3606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... openat resumed>) = 3 [pid 3606] <... futex resumed>) = 1 [pid 3600] <... futex resumed>) = 0 [pid 3606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3600] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] chdir("./file2" [pid 3606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3600] <... futex resumed>) = 0 [pid 3606] write(4, "#! \n", 4 [pid 3600] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... chdir resumed>) = 0 [pid 3606] <... write resumed>) = 4 [pid 3600] <... futex resumed>) = 0 [pid 3609] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3609] <... openat resumed>) = 4 [pid 3606] <... futex resumed>) = 0 [pid 3609] ioctl(4, LOOP_CLR_FD [pid 3606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3600] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3609] <... ioctl resumed>) = 0 [pid 3600] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3609] close(4) = 0 [pid 3600] <... mprotect resumed>) = 0 [pid 3609] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3605] <... futex resumed>) = 0 [pid 3600] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3609] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3600] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3609] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3605] <... futex resumed>) = 0 [pid 3600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3609] <... openat resumed>) = 4 [pid 3609] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3609] <... futex resumed>) = 0 [pid 3605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3609] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3605] <... futex resumed>) = 0 [pid 3600] <... clone3 resumed> => {parent_tid=[3621]}, 88) = 3621 [pid 3609] write(4, "#! \n", 4) = 4 [pid 3605] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3600] rt_sigprocmask(SIG_SETMASK, [], [pid 3609] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3605] <... futex resumed>) = 0 [pid 3600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3609] <... futex resumed>) = 0 [pid 3605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3600] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3605] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3600] <... futex resumed>) = 0 [pid 3605] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3600] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3605] <... mprotect resumed>) = 0 [pid 3605] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3622 attached => {parent_tid=[3622]}, 88) = 3622 [pid 3605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3605] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3621 attached ./strace-static-x86_64: Process 3620 attached [pid 3605] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] set_robust_list(0x7f0aeccae9a0, 24 [pid 3620] set_robust_list(0x555594a056a0, 24 [pid 3622] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3622] write(4, "#! \n", 4) = 4 [pid 3622] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... set_robust_list resumed>) = 0 [pid 3620] <... set_robust_list resumed>) = 0 [pid 3605] <... futex resumed>) = 0 [pid 3621] rt_sigprocmask(SIG_SETMASK, [], [pid 3620] chdir("./107" [pid 3605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3609] <... futex resumed>) = 0 [pid 3605] <... futex resumed>) = 1 [pid 3620] <... chdir resumed>) = 0 [pid 3621] write(4, "#! \n", 4 [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3609] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3609] <... mmap resumed>) = 0x200000000000 [pid 3609] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3605] <... futex resumed>) = 0 [pid 3621] <... write resumed>) = 4 [pid 3620] <... prctl resumed>) = 0 [pid 3609] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3605] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3605] <... futex resumed>) = 0 [pid 3620] setpgid(0, 0./strace-static-x86_64: Process 3618 attached [pid 3618] set_robust_list(0x555594a056a0, 24) = 0 [pid 3618] chdir("./111") = 0 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3618] write(1, "executing program\n", 18executing program ) = 18 [pid 3618] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3618] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3624]}, 88) = 3624 [pid 3618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3618] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3624 attached [pid 3624] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3624] memfd_create("syzkaller", 0) = 3 [pid 3624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3624] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3624] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3624] ioctl(4, LOOP_SET_FD, 3 [pid 3621] <... futex resumed>) = 1 [pid 3621] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3605] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] <... setpgid resumed>) = 0 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3620] write(3, "1000", 4) = 4 [pid 3620] close(3) = 0 [pid 3620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3620] write(1, "executing program\n", 18executing program [pid 3600] <... futex resumed>) = 0 [pid 3620] <... write resumed>) = 18 [pid 3620] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3600] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3606] <... futex resumed>) = 0 [pid 3620] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3611] <... mount resumed>) = 0 [pid 3606] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3600] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3606] <... mmap resumed>) = 0x200000000000 [pid 3624] <... ioctl resumed>) = 0 [pid 3611] <... openat resumed>) = 3 [pid 3606] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3611] chdir("./file2" [pid 3609] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3606] <... futex resumed>) = 1 [pid 3600] <... futex resumed>) = 0 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3611] <... chdir resumed>) = 0 [pid 3606] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3600] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = ? [pid 3606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3600] <... futex resumed>) = 0 [pid 3624] close(3) = 0 [pid 3624] close(4 [pid 3620] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3620] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3626]}, 88) = 3626 [pid 3620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3620] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3626] memfd_create("syzkaller", 0) = 3 [pid 3626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3626] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3626] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3611] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3605] <... futex resumed>) = ? [pid 3600] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] +++ killed by SIGBUS +++ [pid 3609] +++ killed by SIGBUS +++ [pid 3605] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3605, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3606] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3621] <... futex resumed>) = ? [pid 3600] <... futex resumed>) = ? [pid 3621] +++ killed by SIGBUS +++ [pid 3606] +++ killed by SIGBUS +++ [pid 3600] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 289] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, [pid 289] <... openat resumed>) = 3 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3624] <... close resumed>) = 0 [pid 3624] mkdir("./file2", 0777) = 0 [ 75.581913][ T3609] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 75.600428][ T3606] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3624] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3611] <... openat resumed>) = 4 [pid 3611] ioctl(4, LOOP_CLR_FD [pid 3626] <... openat resumed>) = 4 [pid 3611] <... ioctl resumed>) = 0 [pid 3626] ioctl(4, LOOP_SET_FD, 3 [pid 3611] close(4executing program [pid 3626] <... ioctl resumed>) = 0 [pid 3626] close(3) = 0 [pid 3626] close(4 [pid 289] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./114/file2") = 0 [pid 287] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./114/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./114") = 0 [pid 287] mkdir("./115", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3628 ./strace-static-x86_64: Process 3628 attached [pid 3628] set_robust_list(0x555594a056a0, 24) = 0 [pid 3628] chdir("./115") = 0 [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3628] write(1, "executing program\n", 18) = 18 [pid 3628] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3628] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3626] <... close resumed>) = 0 [pid 3611] <... close resumed>) = 0 [pid 3628] <... clone3 resumed> => {parent_tid=[3629]}, 88) = 3629 [pid 3628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3629 attached [pid 3629] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3629] memfd_create("syzkaller", 0) = 3 [pid 3629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3626] mkdir("./file2", 0777 [pid 3611] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... write resumed>) = 524288 [pid 3629] munmap(0x7f0ae48af000, 138412032 [pid 3626] <... mkdir resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3626] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3611] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... munmap resumed>) = 0 [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3629] ioctl(4, LOOP_SET_FD, 3 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... openat resumed>) = 4 [pid 3610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3611] write(4, "#! \n", 4 [pid 3610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] <... write resumed>) = 4 [pid 3610] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3611] <... futex resumed>) = 0 [pid 3610] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3611] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3610] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 289] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3610] <... clone3 resumed> => {parent_tid=[3633]}, 88) = 3633 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3610] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] newfstatat(AT_FDCWD, "./107/file2", [pid 3610] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3633 attached [pid 3610] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3633] set_robust_list(0x7f0aeccae9a0, 24 [pid 3629] <... ioctl resumed>) = 0 [pid 3624] <... mount resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3624] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3624] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 4 [pid 3624] chdir("./file2" [pid 289] newfstatat(4, "", [pid 3624] <... chdir resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3624] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] getdents64(4, [pid 3624] <... openat resumed>) = 4 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3624] ioctl(4, LOOP_CLR_FD [pid 289] getdents64(4, [pid 3624] <... ioctl resumed>) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3624] close(4 [pid 289] close(4 [pid 3624] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 3624] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] rmdir("./107/file2" [pid 3624] <... futex resumed>) = 1 [pid 289] <... rmdir resumed>) = 0 [pid 3624] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./107/binderfs", [pid 3618] <... futex resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./107/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./107") = 0 [pid 289] mkdir("./108", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3634 [pid 3629] close(3) = 0 [pid 3629] close(4 [pid 3633] <... set_robust_list resumed>) = 0 [pid 3633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3633] write(4, "#! \n", 4) = 4 [pid 3633] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3610] <... futex resumed>) = 1 [pid 3611] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] <... mmap resumed>) = 0x200000000000 [pid 3611] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3611] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3610] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3634 attached [pid 3633] <... futex resumed>) = 1 [pid 3629] <... close resumed>) = 0 [pid 3618] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] mkdir("./file2", 0777 [pid 3624] <... futex resumed>) = 0 [pid 3618] <... futex resumed>) = 1 [pid 3634] set_robust_list(0x555594a056a0, 24 [pid 3629] <... mkdir resumed>) = 0 executing program [pid 3624] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3618] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3629] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3611] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3610] <... futex resumed>) = ? [pid 3634] <... set_robust_list resumed>) = 0 [pid 3624] <... openat resumed>) = 4 [pid 3634] chdir("./108" [pid 3624] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3633] <... futex resumed>) = ? [pid 3624] write(4, "#! \n", 4 [pid 3618] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... chdir resumed>) = 0 [pid 3624] <... write resumed>) = 4 [pid 3618] <... futex resumed>) = 0 [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3624] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... prctl resumed>) = 0 [pid 3624] <... futex resumed>) = 0 [pid 3618] <... futex resumed>) = 0 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3624] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3618] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3634] setpgid(0, 0 [pid 3618] <... mprotect resumed>) = 0 [pid 3634] <... setpgid resumed>) = 0 [pid 3618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3618] <... clone3 resumed> => {parent_tid=[3635]}, 88) = 3635 [pid 3618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3618] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... openat resumed>) = 3 [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3634] write(1, "executing program\n", 18) = 18 [pid 3634] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3634] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3636]}, 88) = 3636 [pid 3634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3634] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3635] write(4, "#! \n", 4) = 4 [pid 3635] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3635] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3618] <... futex resumed>) = 1 [pid 3624] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3618] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3624] <... mmap resumed>) = 0x200000000000 [pid 3624] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3624] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3633] +++ killed by SIGBUS +++ [pid 3618] <... futex resumed>) = 0 [pid 3611] +++ killed by SIGBUS +++ [pid 3610] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3610, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3636] memfd_create("syzkaller", 0) = 3 [pid 3636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3636] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3636] ioctl(4, LOOP_SET_FD, 3 [pid 3618] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... ioctl resumed>) = 0 [pid 3636] close(3) = 0 [pid 3636] close(4 [pid 3626] <... mount resumed>) = 0 [pid 3626] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3626] chdir("./file2") = 0 [pid 3626] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3629] <... mount resumed>) = 0 [pid 3629] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3629] chdir("./file2") = 0 [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3624] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3635] <... futex resumed>) = ? [pid 3618] <... futex resumed>) = ? [pid 3635] +++ killed by SIGBUS +++ [pid 3624] +++ killed by SIGBUS +++ [pid 3618] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3618, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3636] <... close resumed>) = 0 [pid 3636] mkdir("./file2", 0777) = 0 [ 75.825412][ T3611] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 75.848174][ T3624] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3636] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3626] <... openat resumed>) = 4 [pid 3626] ioctl(4, LOOP_CLR_FD [pid 3629] <... openat resumed>) = 4 [pid 3626] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 3629] ioctl(4, LOOP_CLR_FD [pid 3626] close(4 [pid 3629] <... ioctl resumed>) = 0 [pid 3626] <... close resumed>) = 0 [pid 3629] close(4 [pid 291] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3626] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... umount2 resumed>) = 0 [pid 3629] <... close resumed>) = 0 [pid 3626] <... futex resumed>) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3629] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 1 [pid 3628] <... futex resumed>) = 0 [pid 3626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3620] <... futex resumed>) = 0 [pid 3629] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3620] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3628] <... futex resumed>) = 0 [pid 3629] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3626] <... openat resumed>) = 4 [pid 3629] <... openat resumed>) = 4 [pid 3626] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] <... futex resumed>) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3629] <... futex resumed>) = 1 [pid 3628] <... futex resumed>) = 0 [pid 3629] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3628] <... futex resumed>) = 0 [pid 3626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3620] <... futex resumed>) = 0 [pid 3629] write(4, "#! \n", 4 [pid 3628] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] write(4, "#! \n", 4 [pid 3620] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] newfstatat(AT_FDCWD, "./108/file2", [pid 3629] <... write resumed>) = 4 [pid 3628] <... futex resumed>) = 0 [pid 3620] <... futex resumed>) = 0 [pid 3629] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3626] <... write resumed>) = 4 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3629] <... futex resumed>) = 0 [pid 3628] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3626] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... mmap resumed>) = 0x7f0aecc8e000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3629] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3626] <... futex resumed>) = 0 [pid 3620] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3628] <... mprotect resumed>) = 0 [pid 3626] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] <... mprotect resumed>) = 0 [pid 291] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3628] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3620] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3628] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3620] <... rt_sigprocmask resumed>[], 8) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./111/file2", [pid 3628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 291] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3628] <... clone3 resumed> => {parent_tid=[3643]}, 88) = 3643 [pid 3620] <... clone3 resumed> => {parent_tid=[3644]}, 88) = 3644 [pid 3628] rt_sigprocmask(SIG_SETMASK, [], [pid 3620] rt_sigprocmask(SIG_SETMASK, [], [pid 3628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3628] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = 0 [pid 3620] <... futex resumed>) = 0 [pid 3628] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3643] write(4, "#! \n", 4) = 4 [pid 3643] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3628] <... futex resumed>) = 0 [pid 3628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] <... futex resumed>) = 0 [pid 3628] <... futex resumed>) = 1 [pid 3629] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3629] <... mmap resumed>) = 0x200000000000 [pid 291] <... openat resumed>) = 4 [pid 290] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3629] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3628] <... futex resumed>) = 0 [pid 291] newfstatat(4, "", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3629] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3628] <... futex resumed>) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 3644 attached [pid 3644] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3644] write(4, "#! \n", 4) = 4 [pid 3644] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3644] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] <... mount resumed>) = 0 [pid 3636] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3636] chdir("./file2") = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3636] ioctl(4, LOOP_CLR_FD) = 0 [pid 3636] close(4) = 0 [pid 3636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] <... futex resumed>) = 0 [pid 3636] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3634] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... openat resumed>) = 4 [pid 3634] <... futex resumed>) = 0 [pid 3636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 0 [pid 3634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3636] write(4, "#! \n", 4 [pid 3634] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... write resumed>) = 4 [pid 3634] <... futex resumed>) = 0 [pid 3636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3634] <... futex resumed>) = 0 [pid 3636] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3634] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3646]}, 88) = 3646 [pid 3634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3634] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./111/file2") = 0 [pid 290] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./111/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./111") = 0 [pid 290] mkdir("./112", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3628] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3620] <... futex resumed>) = 0 [pid 291] getdents64(4, [pid 3620] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3626] <... futex resumed>) = 0 [pid 3620] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3626] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 291] getdents64(4, [pid 3626] <... mmap resumed>) = 0x200000000000 [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3626] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 291] close(4 [pid 3626] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3620] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3647 [pid 3629] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3643] <... futex resumed>) = ? ./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3646] write(4, "#! \n", 4) = 4 [pid 3646] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3634] <... futex resumed>) = 1 [pid 3636] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3634] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... mmap resumed>) = 0x200000000000 [pid 3636] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3647 attached [pid 3646] <... futex resumed>) = 1 [pid 3634] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = ? [pid 3626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3620] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] rmdir("./108/file2" [pid 3647] set_robust_list(0x555594a056a0, 24 [pid 291] <... rmdir resumed>) = 0 [pid 3647] <... set_robust_list resumed>) = 0 [pid 291] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3647] chdir("./112" [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3647] <... chdir resumed>) = 0 [pid 291] newfstatat(AT_FDCWD, "./108/binderfs", [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3647] <... prctl resumed>) = 0 [pid 291] unlink("./108/binderfs" [pid 3647] setpgid(0, 0 [pid 291] <... unlink resumed>) = 0 [pid 3647] <... setpgid resumed>) = 0 [pid 291] getdents64(3, [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3647] <... openat resumed>) = 3 [pid 291] close(3 [pid 3647] write(3, "1000", 4 [pid 291] <... close resumed>) = 0 [pid 3647] <... write resumed>) = 4 [pid 291] rmdir("./108"executing program [pid 3647] close(3 [pid 291] <... rmdir resumed>) = 0 [pid 3647] <... close resumed>) = 0 [pid 291] mkdir("./109", 0777 [pid 3647] symlink("/dev/binderfs", "./binderfs" [pid 291] <... mkdir resumed>) = 0 [pid 3647] <... symlink resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3647] write(1, "executing program\n", 18 [pid 291] <... openat resumed>) = 3 [pid 3647] <... write resumed>) = 18 [pid 291] ioctl(3, LOOP_CLR_FD [pid 3647] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3647] <... futex resumed>) = 0 [pid 291] close(3 [pid 3647] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 291] <... close resumed>) = 0 [pid 3647] <... rt_sigaction resumed>NULL, 8) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3648 [pid 3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3647] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3634] <... futex resumed>) = 0 [pid 3636] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3634] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3649 attached ./strace-static-x86_64: Process 3648 attached [pid 3647] <... clone3 resumed> => {parent_tid=[3649]}, 88) = 3649 [pid 3644] <... futex resumed>) = ? [pid 3643] +++ killed by SIGBUS +++ [pid 3634] <... futex resumed>) = ? [pid 3620] <... futex resumed>) = ? [pid 3649] set_robust_list(0x7f0aecccf9a0, 24 [pid 3648] set_robust_list(0x555594a056a0, 24 [pid 3647] rt_sigprocmask(SIG_SETMASK, [], [pid 3646] +++ killed by SIGBUS +++ [pid 3644] +++ killed by SIGBUS +++ [pid 3629] +++ killed by SIGBUS +++ [pid 3628] +++ killed by SIGBUS +++ [pid 3649] <... set_robust_list resumed>) = 0 [pid 3648] <... set_robust_list resumed>) = 0 [pid 3647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3647] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3628, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 3647] <... futex resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3647] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3648] chdir("./109" [pid 3626] +++ killed by SIGBUS +++ [pid 3620] +++ killed by SIGBUS +++ [pid 3649] rt_sigprocmask(SIG_SETMASK, [], [pid 3636] +++ killed by SIGBUS +++ [pid 3634] +++ killed by SIGBUS +++ [pid 3648] <... chdir resumed>) = 0 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3634, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3620, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 3649] memfd_create("syzkaller", 0) = 3 [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 executing program [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] write(1, "executing program\n", 18 [pid 3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3648] <... write resumed>) = 18 [pid 3648] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3648] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3650]}, 88) = 3650 [pid 3648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3648] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3650] memfd_create("syzkaller", 0) = 3 [pid 3649] <... write resumed>) = 524288 [pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3649] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] close(3) = 0 [pid 3649] close(4) = 0 [pid 3649] mkdir("./file2", 0777) = 0 [pid 3649] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] <... restart_syscall resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] newfstatat(3, "", [pid 288] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, [pid 288] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", [pid 287] newfstatat(3, "", [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, [pid 287] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3650] <... write resumed>) = 524288 [pid 3650] munmap(0x7f0ae48af000, 138412032) = 0 [ 76.006872][ T3629] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 76.023341][ T3626] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 76.025886][ T3636] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3650] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 3650] close(3) = 0 [pid 3650] close(4) = 0 [pid 3650] mkdir("./file2", 0777) = 0 [pid 3650] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 288] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 289] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./107/file2" [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./108/file2", [pid 287] newfstatat(AT_FDCWD, "./115/file2", [pid 288] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./107/binderfs", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./107/binderfs" [pid 289] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... unlink resumed>) = 0 [pid 287] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./107" [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] mkdir("./108", 0777 [pid 287] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... openat resumed>) = 4 [pid 288] <... mkdir resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 289] newfstatat(4, "", [pid 287] newfstatat(4, "", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] getdents64(4, [pid 288] <... openat resumed>) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 287] getdents64(4, [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 289] close(4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] getdents64(4, [pid 289] rmdir("./108/file2" [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 289] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] close(4 [pid 289] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 3649] <... mount resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] rmdir("./115/file2" [pid 3649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 289] newfstatat(AT_FDCWD, "./108/binderfs", [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3655 [pid 287] <... rmdir resumed>) = 0 [pid 3649] <... openat resumed>) = 3 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3649] chdir("./file2" [pid 289] unlink("./108/binderfs" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 3655 attached [pid 3649] <... chdir resumed>) = 0 [pid 289] <... unlink resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./115/binderfs", [pid 3655] set_robust_list(0x555594a056a0, 24 [pid 3650] <... mount resumed>) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] getdents64(3, [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3650] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3649] <... openat resumed>) = 4 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] unlink("./115/binderfs" [pid 3650] <... openat resumed>) = 3 [pid 3649] ioctl(4, LOOP_CLR_FD [pid 289] close(3 [pid 287] <... unlink resumed>) = 0 [pid 3655] <... set_robust_list resumed>) = 0 [pid 3650] chdir("./file2" [pid 3649] <... ioctl resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 287] getdents64(3, executing program [pid 3650] <... chdir resumed>) = 0 [pid 3649] close(4 [pid 289] rmdir("./108" [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3650] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3649] <... close resumed>) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 287] close(3 [pid 289] mkdir("./109", 0777 [pid 287] <... close resumed>) = 0 [pid 289] <... mkdir resumed>) = 0 [pid 287] rmdir("./115" [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... rmdir resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] mkdir("./116", 0777 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] <... mkdir resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] close(3 [pid 287] <... openat resumed>) = 3 [pid 289] <... close resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3658 [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3659 ./strace-static-x86_64: Process 3659 attached [pid 3659] set_robust_list(0x555594a056a0, 24 [pid 3649] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] <... openat resumed>) = 4 [pid 3649] <... futex resumed>) = 1 [pid 3647] <... futex resumed>) = 0 [pid 3659] <... set_robust_list resumed>) = 0 [pid 3647] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] ioctl(4, LOOP_CLR_FD [pid 3649] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3650] <... ioctl resumed>) = 0 [pid 3647] <... futex resumed>) = 0 [pid 3659] chdir("./116" [pid 3647] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] <... chdir resumed>) = 0 [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3649] <... openat resumed>) = 4 [pid 3650] close(4 [pid 3659] <... prctl resumed>) = 0 [pid 3649] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] <... close resumed>) = 0 [pid 3649] <... futex resumed>) = 1 [pid 3650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] <... futex resumed>) = 0 [pid 3649] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3650] <... futex resumed>) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3647] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3648] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] <... futex resumed>) = 0 [pid 3648] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] write(4, "#! \n", 4 [pid 3647] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] setpgid(0, 0) = 0 [pid 3647] <... futex resumed>) = 0 [pid 3649] <... write resumed>) = 4 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3650] <... openat resumed>) = 4 [pid 3649] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3659] <... openat resumed>) = 3 [pid 3650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3647] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3650] <... futex resumed>) = 1 [pid 3649] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... futex resumed>) = 0 [pid 3650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3647] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3648] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3658 attached [pid 3659] write(3, "1000", 4 [pid 3650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3647] <... mprotect resumed>) = 0 [pid 3650] write(4, "#! \n", 4 [pid 3648] <... clone3 resumed> => {parent_tid=[3660]}, 88) = 3660 [pid 3647] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3650] <... write resumed>) = 4 [pid 3648] rt_sigprocmask(SIG_SETMASK, [], [pid 3647] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3655] chdir("./108" [pid 3650] <... futex resumed>) = 0 [pid 3648] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] set_robust_list(0x555594a056a0, 24 [pid 3655] <... chdir resumed>) = 0 [pid 3650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... futex resumed>) = 0 [pid 3647] <... clone3 resumed> => {parent_tid=[3661]}, 88) = 3661 [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3648] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] rt_sigprocmask(SIG_SETMASK, [], [pid 3655] <... prctl resumed>) = 0 [pid 3647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3658] <... set_robust_list resumed>) = 0 [pid 3647] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] setpgid(0, 0 [pid 3647] <... futex resumed>) = 0 [pid 3658] chdir("./109" [pid 3655] <... setpgid resumed>) = 0 [pid 3647] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] <... write resumed>) = 4 [pid 3659] close(3) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3658] <... chdir resumed>) = 0 [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3661 attached ./strace-static-x86_64: Process 3660 attached [pid 3659] write(1, "executing program\n", 18 [pid 3655] <... openat resumed>) = 3 [pid 3658] <... prctl resumed>) = 0 [pid 3655] write(3, "1000", 4 [pid 3659] <... write resumed>) = 18 [pid 3658] setpgid(0, 0 [pid 3655] <... write resumed>) = 4 [pid 3659] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... setpgid resumed>) = 0 [pid 3655] close(3 [pid 3659] <... futex resumed>) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3655] <... close resumed>) = 0 executing program [pid 3659] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3658] <... openat resumed>) = 3 [pid 3655] symlink("/dev/binderfs", "./binderfs" [pid 3659] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3658] write(3, "1000", 4 [pid 3659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3658] <... write resumed>) = 4 [pid 3659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3658] close(3 [pid 3659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3658] <... close resumed>) = 0 [pid 3659] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3658] symlink("/dev/binderfs", "./binderfs" [pid 3659] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3658] <... symlink resumed>) = 0 [pid 3659] <... mprotect resumed>) = 0 [pid 3658] write(1, "executing program\n", 18 [pid 3659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3658] <... write resumed>) = 18 [pid 3659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3658] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3658] <... futex resumed>) = 0 [pid 3658] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3659] <... clone3 resumed> => {parent_tid=[3662]}, 88) = 3662 [pid 3658] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3659] rt_sigprocmask(SIG_SETMASK, [], [pid 3658] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3659] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3659] <... futex resumed>) = 0 [pid 3658] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3659] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3658] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3655] <... symlink resumed>) = 0 [pid 3658] <... clone3 resumed> => {parent_tid=[3663]}, 88) = 3663 executing program [pid 3655] write(1, "executing program\n", 18 [pid 3658] rt_sigprocmask(SIG_SETMASK, [], [pid 3655] <... write resumed>) = 18 [pid 3658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3658] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] <... futex resumed>) = 0 [pid 3655] <... futex resumed>) = 0 [pid 3658] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3655] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3660] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3660] write(4, "#! \n", 4) = 4 [pid 3660] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3648] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] <... futex resumed>) = 1 [pid 3650] <... futex resumed>) = 0 [pid 3655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3648] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3650] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3661] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3661] rt_sigprocmask(SIG_SETMASK, [], [pid 3650] <... mmap resumed>) = 0x200000000000 [pid 3655] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3650] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3650] <... futex resumed>) = 1 [pid 3655] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3648] <... futex resumed>) = 0 [pid 3650] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3648] <... futex resumed>) = 0 [pid 3655] <... mprotect resumed>) = 0 [pid 3661] write(4, "#! \n", 4) = 4 [pid 3661] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3662] memfd_create("syzkaller", 0) = 3 [pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3662] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3662] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3663] memfd_create("syzkaller", 0) = 3 [pid 3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3647] <... futex resumed>) = 0 [pid 3648] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = 0 [pid 3647] <... futex resumed>) = 1 [pid 3655] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3649] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3647] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... mmap resumed>) = 0x200000000000 [pid 3655] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3649] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3647] <... futex resumed>) = 0 [pid 3655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3649] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3647] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3647] <... futex resumed>) = 0 [pid 3663] <... write resumed>) = 524288 [pid 3663] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3663] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3660] <... futex resumed>) = ? [pid 3662] <... ioctl resumed>) = 0 [pid 3662] close(3) = 0 [pid 3662] close(4 [pid 3655] <... clone3 resumed> => {parent_tid=[3665]}, 88) = 3665 [pid 3655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3655] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3665] memfd_create("syzkaller", 0) = 3 [pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3665] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3665] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3647] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3648] <... futex resumed>) = ? [pid 3660] +++ killed by SIGBUS +++ [pid 3650] +++ killed by SIGBUS +++ [pid 3648] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3648, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3649] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3647] <... futex resumed>) = ? [pid 3661] <... futex resumed>) = ? [pid 3649] +++ killed by SIGBUS +++ [pid 3661] +++ killed by SIGBUS +++ [pid 3647] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3665] <... openat resumed>) = 4 [pid 3663] <... openat resumed>) = 4 [pid 3662] <... close resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 3663] ioctl(4, LOOP_SET_FD, 3 [pid 291] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 3665] ioctl(4, LOOP_SET_FD, 3 [pid 3662] mkdir("./file2", 0777 [pid 291] rmdir("./109/file2") = 0 [pid 3662] <... mkdir resumed>) = 0 [pid 291] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3662] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] newfstatat(AT_FDCWD, "./109/binderfs", [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] unlink("./109/binderfs" [pid 290] <... openat resumed>) = 3 [pid 291] <... unlink resumed>) = 0 [pid 290] newfstatat(3, "", [pid 291] getdents64(3, [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] getdents64(3, [pid 291] close(3) = 0 [pid 290] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] rmdir("./109" [pid 290] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... rmdir resumed>) = 0 [pid 291] mkdir("./110", 0777) = 0 [ 76.286156][ T3650] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 76.302788][ T3649] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3663] <... ioctl resumed>) = 0 [pid 3663] close(3) = 0 [pid 3663] close(4 [pid 3665] <... ioctl resumed>) = 0 [pid 3665] close(3) = 0 [pid 3665] close(4 [pid 3662] <... mount resumed>) = 0 [pid 3662] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3662] chdir("./file2") = 0 [pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3663] <... close resumed>) = 0 [pid 3663] mkdir("./file2", 0777) = 0 [pid 3663] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3665] <... close resumed>) = 0 [pid 3665] mkdir("./file2", 0777) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 3665] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 290] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./112/file2") = 0 [pid 290] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./112/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./112") = 0 [pid 290] mkdir("./113", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3662] <... openat resumed>) = 4 [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 3662] ioctl(4, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 3662] <... ioctl resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3662] close(4 [pid 291] close(3 [pid 290] close(3 [pid 3662] <... close resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 3662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3662] <... futex resumed>) = 1 [pid 3659] <... futex resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3671 [pid 3662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3671 attached [pid 3659] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] set_robust_list(0x555594a056a0, 24) = 0 [pid 3662] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3671] chdir("./110") = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] <... openat resumed>) = 4 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] <... openat resumed>) = 3 [pid 3662] <... futex resumed>) = 1 [pid 3659] <... futex resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x555594a05690) = 3672 [pid 3662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] <... futex resumed>) = 0 [pid 3662] write(4, "#! \n", 4 [pid 3659] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] write(3, "1000", 4 [pid 3662] <... write resumed>) = 4 [pid 3659] <... futex resumed>) = 0 [pid 3662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3662] <... futex resumed>) = 0 [pid 3659] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3671] <... write resumed>) = 4 [pid 3659] <... mprotect resumed>) = 0 [pid 3671] close(3 [pid 3659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3671] <... close resumed>) = 0 [pid 3659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3671] symlink("/dev/binderfs", "./binderfs" [pid 3659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3671] <... symlink resumed>) = 0 executing program [pid 3671] write(1, "executing program\n", 18 [pid 3659] <... clone3 resumed> => {parent_tid=[3673]}, 88) = 3673 [pid 3671] <... write resumed>) = 18 [pid 3659] rt_sigprocmask(SIG_SETMASK, [], [pid 3671] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3671] <... futex resumed>) = 0 [pid 3659] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3659] <... futex resumed>) = 0 [pid 3671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3659] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3671] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3674]}, 88) = 3674 [pid 3671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3671] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3674 attached [pid 3674] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3674] memfd_create("syzkaller", 0) = 3 [pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3674] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3674] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3674] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x555594a056a0, 24) = 0 [pid 3672] chdir("./113") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 3673 attached [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs" [pid 3673] set_robust_list(0x7f0aeccae9a0, 24 [pid 3674] <... ioctl resumed>) = 0 [pid 3673] <... set_robust_list resumed>) = 0 [pid 3672] <... symlink resumed>) = 0 [pid 3665] <... mount resumed>) = 0 [pid 3663] <... mount resumed>) = 0 [pid 3663] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3665] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3663] chdir("./file2") = 0 [pid 3665] chdir("./file2") = 0 [pid 3663] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3665] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3663] <... openat resumed>) = 4 [pid 3665] <... openat resumed>) = 4 [pid 3663] ioctl(4, LOOP_CLR_FD [pid 3665] ioctl(4, LOOP_CLR_FD [pid 3663] <... ioctl resumed>) = 0 [pid 3665] <... ioctl resumed>) = 0 [pid 3663] close(4 [pid 3665] close(4 [pid 3663] <... close resumed>) = 0 [pid 3665] <... close resumed>) = 0 [pid 3663] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 1 [pid 3658] <... futex resumed>) = 0 [pid 3665] <... futex resumed>) = 1 [pid 3663] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3658] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3665] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3663] <... openat resumed>) = 4 [pid 3658] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... openat resumed>) = 4 [pid 3663] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 0 [pid 3665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3655] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 0 [pid 3663] write(4, "#! \n", 4 [pid 3658] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3658] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3655] <... futex resumed>) = 0 [pid 3658] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3658] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3655] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3658] <... mprotect resumed>) = 0 [pid 3655] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3658] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3655] <... mprotect resumed>) = 0 [pid 3658] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3655] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3655] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3658] <... clone3 resumed> => {parent_tid=[3680]}, 88) = 3680 [pid 3658] rt_sigprocmask(SIG_SETMASK, [], [pid 3655] <... clone3 resumed> => {parent_tid=[3681]}, 88) = 3681 [pid 3658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3655] rt_sigprocmask(SIG_SETMASK, [], [pid 3658] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3658] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] close(3 [pid 3673] rt_sigprocmask(SIG_SETMASK, [], [pid 3665] write(4, "#! \n", 4 [pid 3663] <... write resumed>) = 4 [pid 3665] <... write resumed>) = 4 [pid 3665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3674] <... close resumed>) = 0 [pid 3673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3674] close(4 [pid 3673] write(4, "#! \n", 4) = 4 [pid 3673] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] write(1, "executing program\n", 18 [pid 3673] <... futex resumed>) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3673] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = 0 [pid 3659] <... futex resumed>) = 1 [pid 3662] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0executing program [pid 3659] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3662] <... mmap resumed>) = 0x200000000000 [pid 3662] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3659] <... futex resumed>) = 0 [pid 3662] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3659] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3681 attached ./strace-static-x86_64: Process 3680 attached [pid 3672] <... write resumed>) = 18 [pid 3680] set_robust_list(0x7f0aeccae9a0, 24 [pid 3672] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] <... set_robust_list resumed>) = 0 [pid 3672] <... futex resumed>) = 0 [pid 3680] rt_sigprocmask(SIG_SETMASK, [], [pid 3672] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3672] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3680] write(4, "#! \n", 4 [pid 3672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3680] <... write resumed>) = 4 [pid 3672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3680] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3680] <... futex resumed>) = 1 [pid 3672] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3680] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3682]}, 88) = 3682 [pid 3672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3672] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3681] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3681] write(4, "#! \n", 4) = 4 [pid 3681] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... futex resumed>) = 0 [pid 3658] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3658] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3682] memfd_create("syzkaller", 0) = 3 [pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3663] <... futex resumed>) = 0 [pid 3655] <... futex resumed>) = 0 [pid 3663] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3655] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3665] <... futex resumed>) = 0 [pid 3663] <... mmap resumed>) = 0x200000000000 [pid 3655] <... futex resumed>) = 1 [pid 3673] <... futex resumed>) = ? [pid 3659] <... futex resumed>) = ? [pid 3665] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3663] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... mmap resumed>) = 0x200000000000 [pid 3663] <... futex resumed>) = 1 [pid 3658] <... futex resumed>) = 0 [pid 3665] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] +++ killed by SIGBUS +++ [pid 3665] <... futex resumed>) = 1 [pid 3663] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3658] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 0 [pid 3665] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] <... futex resumed>) = 0 [pid 3655] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3658] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 0 [pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3682] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3662] +++ killed by SIGBUS +++ [pid 3659] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3659, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3655] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3681] <... futex resumed>) = ? [pid 3655] <... futex resumed>) = ? [pid 3681] +++ killed by SIGBUS +++ [pid 3665] +++ killed by SIGBUS +++ [pid 3655] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3655, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3680] <... futex resumed>) = ? [pid 3658] <... futex resumed>) = ? [pid 3680] +++ killed by SIGBUS +++ [pid 3663] +++ killed by SIGBUS +++ [pid 3658] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3658, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3674] <... close resumed>) = 0 [pid 289] getdents64(3, [pid 3674] mkdir("./file2", 0777) = 0 [pid 3674] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [ 76.574004][ T3662] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 76.590304][ T3665] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 76.596646][ T3663] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3682] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3682] ioctl(4, LOOP_SET_FD, 3 [pid 289] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./109/file2") = 0 [pid 289] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./109/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./109") = 0 [pid 289] mkdir("./110", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3674] <... mount resumed>) = 0 [pid 3674] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3674] chdir("./file2") = 0 [pid 3674] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3685 [pid 287] <... umount2 resumed>) = 0 [pid 288] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./108/file2", [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] newfstatat(AT_FDCWD, "./116/file2", [pid 288] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... openat resumed>) = 4 [pid 287] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(4, "", [pid 287] <... openat resumed>) = 4 executing program [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(4, "", [pid 288] getdents64(4, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 3685 attached [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3685] set_robust_list(0x555594a056a0, 24) = 0 [pid 3682] <... ioctl resumed>) = 0 [pid 3674] <... openat resumed>) = 4 [pid 3682] close(3 [pid 287] getdents64(4, [pid 3682] <... close resumed>) = 0 [pid 3674] ioctl(4, LOOP_CLR_FD [pid 288] getdents64(4, [pid 3682] close(4 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3674] <... ioctl resumed>) = 0 [pid 287] getdents64(4, [pid 3674] close(4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 3685] chdir("./110") = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3685] write(1, "executing program\n", 18) = 18 [pid 3685] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3685] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3685] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 287] close(4 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 288] rmdir("./108/file2" [pid 287] rmdir("./116/file2" [pid 3685] <... clone3 resumed> => {parent_tid=[3687]}, 88) = 3687 [pid 3685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 3685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 288] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./108/binderfs", [pid 287] newfstatat(AT_FDCWD, "./116/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./108/binderfs" [pid 287] unlink("./116/binderfs" [pid 3687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 287] getdents64(3, [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 287] close(3 [pid 288] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 288] rmdir("./108" [pid 287] rmdir("./116" [pid 3687] memfd_create("syzkaller", 0) = 3 [pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 288] <... rmdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 288] mkdir("./109", 0777 [pid 287] mkdir("./117", 0777) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3687] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3682] <... close resumed>) = 0 [pid 3674] <... close resumed>) = 0 [pid 3682] mkdir("./file2", 0777) = 0 [pid 3682] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 3674] <... futex resumed>) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] ioctl(3, LOOP_CLR_FD [pid 3671] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 3674] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3671] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3674] <... openat resumed>) = 4 [pid 288] close(3 [pid 287] close(3 [pid 3674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... close resumed>) = 0 [pid 3674] <... futex resumed>) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 3674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3674] write(4, "#! \n", 4 [pid 3671] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3674] <... write resumed>) = 4 [pid 3671] <... futex resumed>) = 0 [pid 3674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3688 [pid 287] <... clone resumed>, child_tidptr=0x555594a05690) = 3689 [pid 3674] <... futex resumed>) = 0 [pid 3671] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 3689 attached ./strace-static-x86_64: Process 3688 attached [pid 3687] <... openat resumed>) = 4 [pid 3671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3690]}, 88) = 3690 [pid 3671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3671] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3671] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] set_robust_list(0x555594a056a0, 24 [pid 3687] ioctl(4, LOOP_SET_FD, 3 [pid 3688] <... set_robust_list resumed>) = 0 [pid 3688] chdir("./109") = 0 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 3690 attached [pid 3689] set_robust_list(0x555594a056a0, 24 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3690] set_robust_list(0x7f0aeccae9a0, 24 [pid 3689] <... set_robust_list resumed>) = 0 [pid 3690] <... set_robust_list resumed>) = 0 [pid 3689] chdir("./117" [pid 3690] rt_sigprocmask(SIG_SETMASK, [], [pid 3689] <... chdir resumed>) = 0 [pid 3690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3690] write(4, "#! \n", 4 [pid 3689] <... prctl resumed>) = 0 [pid 3690] <... write resumed>) = 4 [pid 3689] setpgid(0, 0 [pid 3690] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] <... setpgid resumed>) = 0 [pid 3690] <... futex resumed>) = 1 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3671] <... futex resumed>) = 0 [pid 3690] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] <... openat resumed>) = 3 [pid 3671] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 executing program executing program [pid 3689] write(3, "1000", 4 [pid 3674] <... futex resumed>) = 0 [pid 3671] <... futex resumed>) = 1 [pid 3674] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3671] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] <... write resumed>) = 4 [pid 3674] <... mmap resumed>) = 0x200000000000 [pid 3689] close(3 [pid 3674] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] <... close resumed>) = 0 [pid 3674] <... futex resumed>) = 1 [pid 3671] <... futex resumed>) = 0 [pid 3674] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3671] <... futex resumed>) = 0 [pid 3689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3671] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] write(1, "executing program\n", 18) = 18 [pid 3689] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3689] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3689] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3694]}, 88) = 3694 [pid 3689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3689] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3689] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3694] memfd_create("syzkaller", 0) = 3 [pid 3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3694] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3694] ioctl(4, LOOP_SET_FD, 3 [pid 3687] <... ioctl resumed>) = 0 [pid 3687] close(3) = 0 [pid 3687] close(4 [pid 3682] <... mount resumed>) = 0 [pid 3682] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3682] chdir("./file2") = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3688] <... openat resumed>) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3688] write(1, "executing program\n", 18) = 18 [pid 3688] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3688] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3696]}, 88) = 3696 [pid 3688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3688] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3696] memfd_create("syzkaller", 0) = 3 [pid 3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3696] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3696] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3694] <... ioctl resumed>) = 0 [pid 3694] close(3 [pid 3674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3694] <... close resumed>) = 0 [pid 3694] close(4 [pid 3690] <... futex resumed>) = ? [pid 3671] <... futex resumed>) = ? [pid 3690] +++ killed by SIGBUS +++ [pid 3674] +++ killed by SIGBUS +++ [pid 3671] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3687] <... close resumed>) = 0 [pid 3682] <... openat resumed>) = 4 [pid 3696] <... openat resumed>) = 4 [pid 3687] mkdir("./file2", 0777) = 0 [pid 3687] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3696] ioctl(4, LOOP_SET_FD, 3 [ 76.771756][ T3674] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3682] ioctl(4, LOOP_CLR_FD [pid 3694] <... close resumed>) = 0 [pid 3682] <... ioctl resumed>) = 0 [pid 3694] mkdir("./file2", 0777 [pid 3682] close(4 [pid 3694] <... mkdir resumed>) = 0 [pid 3694] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3696] <... ioctl resumed>) = 0 [pid 3696] close(3) = 0 [pid 3696] close(4 [pid 3687] <... mount resumed>) = 0 [pid 3687] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3687] chdir("./file2") = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3682] <... close resumed>) = 0 [pid 3682] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3682] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3672] <... futex resumed>) = 1 [pid 3682] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3672] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... openat resumed>) = 4 [pid 3682] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3682] write(4, "#! \n", 4 [pid 3672] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... write resumed>) = 4 [pid 3672] <... futex resumed>) = 0 [pid 3682] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3672] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3672] <... futex resumed>) = 0 [pid 3682] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3672] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0}./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3700] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... clone3 resumed> => {parent_tid=[3700]}, 88) = 3700 [pid 3672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3672] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 0 [pid 3700] write(4, "#! \n", 4) = 4 [pid 3700] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = 0 [pid 3672] <... futex resumed>) = 1 [pid 3682] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3672] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... mmap resumed>) = 0x200000000000 [pid 3682] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3682] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3682] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3672] <... futex resumed>) = ? [pid 3700] <... futex resumed>) = ? [pid 3700] +++ killed by SIGBUS +++ [pid 3682] +++ killed by SIGBUS +++ [pid 3672] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3672, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3694] <... mount resumed>) = 0 [pid 3694] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3694] chdir("./file2") = 0 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3696] <... close resumed>) = 0 [pid 3694] <... openat resumed>) = 4 [pid 3687] <... openat resumed>) = 4 [pid 291] <... umount2 resumed>) = 0 [pid 3694] ioctl(4, LOOP_CLR_FD [pid 291] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3696] mkdir("./file2", 0777 [pid 3687] ioctl(4, LOOP_CLR_FD [pid 291] <... openat resumed>) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3696] <... mkdir resumed>) = 0 [pid 291] getdents64(4, [pid 3696] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 291] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./110/file2") = 0 [pid 291] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./110/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./110") = 0 [pid 291] mkdir("./111", 0777) = 0 [ 76.914677][ T3682] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3694] <... ioctl resumed>) = 0 [pid 290] <... umount2 resumed>) = 0 [pid 3694] close(4 [pid 3687] <... ioctl resumed>) = 0 [pid 291] <... openat resumed>) = 3 [pid 290] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3694] <... close resumed>) = 0 [pid 3687] close(4 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3694] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... close resumed>) = 0 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] newfstatat(AT_FDCWD, "./113/file2", [pid 3694] <... futex resumed>) = 1 [pid 3689] <... futex resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] close(3 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3694] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 1 [pid 3685] <... futex resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 290] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3689] <... futex resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3694] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3689] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3694] <... openat resumed>) = 4 [pid 3687] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3703 [pid 290] <... openat resumed>) = 4 [pid 3694] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(4, "", [pid 3694] <... futex resumed>) = 1 [pid 3689] <... futex resumed>) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3694] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... openat resumed>) = 4 [pid 290] getdents64(4, [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3689] <... futex resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3694] write(4, "#! \n", 4 [pid 3689] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 1 [pid 3685] <... futex resumed>) = 0 [pid 290] getdents64(4, [pid 3694] <... write resumed>) = 4 [pid 3689] <... futex resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3694] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] <... futex resumed>) = 0 [pid 290] close(4 [pid 3694] <... futex resumed>) = 0 [pid 3689] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3687] write(4, "#! \n", 4 [pid 3685] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... close resumed>) = 0 [pid 3694] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3687] <... write resumed>) = 4 [pid 3685] <... futex resumed>) = 0 [pid 290] rmdir("./113/file2" [pid 3689] <... mprotect resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 290] <... rmdir resumed>) = 0 [pid 3689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3687] <... futex resumed>) = 0 [pid 3685] <... mmap resumed>) = 0x7f0aecc8e000 [pid 290] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3687] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3685] <... mprotect resumed>) = 0 [pid 290] newfstatat(AT_FDCWD, "./113/binderfs", [pid 3685] rt_sigprocmask(SIG_BLOCK, ~[], [pid 290] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3689] <... clone3 resumed> => {parent_tid=[3705]}, 88) = 3705 [pid 3685] <... rt_sigprocmask resumed>[], 8) = 0 [pid 290] unlink("./113/binderfs" [pid 3689] rt_sigprocmask(SIG_SETMASK, [], [pid 3685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 290] <... unlink resumed>) = 0 [pid 3689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] getdents64(3, [pid 3689] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3689] <... futex resumed>) = 0 [pid 3685] <... clone3 resumed> => {parent_tid=[3706]}, 88) = 3706 [pid 290] close(3 [pid 3689] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] rt_sigprocmask(SIG_SETMASK, [], [pid 290] <... close resumed>) = 0 [pid 3685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 290] rmdir("./113" [pid 3685] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... rmdir resumed>) = 0 [pid 3685] <... futex resumed>) = 0 [pid 290] mkdir("./114", 0777 [pid 3685] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... mkdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3707 ./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x555594a056a0, 24) = 0 [pid 3703] chdir("./111") = 0 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 executing program [pid 3703] write(1, "executing program\n", 18) = 18 [pid 3703] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3706] write(4, "#! \n", 4) = 4 [pid 3703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3706] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3706] <... futex resumed>) = 1 [pid 3703] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3685] <... futex resumed>) = 1 [pid 3687] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... mmap resumed>) = 0x200000000000 [pid 3687] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3687] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3707 attached ./strace-static-x86_64: Process 3705 attached [pid 3706] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3703] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3685] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3707] set_robust_list(0x555594a056a0, 24 [pid 3705] set_robust_list(0x7f0aeccae9a0, 24 [pid 3703] <... mprotect resumed>) = 0 [pid 3707] <... set_robust_list resumed>) = 0 [pid 3705] <... set_robust_list resumed>) = 0 [pid 3703] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3707] chdir("./114" [pid 3705] rt_sigprocmask(SIG_SETMASK, [], [pid 3703] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3707] <... chdir resumed>) = 0 [pid 3705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3696] <... mount resumed>) = 0 [pid 3687] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3705] write(4, "#! \n", 4 [pid 3696] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3707] <... prctl resumed>) = 0 [pid 3705] <... write resumed>) = 4 [pid 3703] <... clone3 resumed> => {parent_tid=[3709]}, 88) = 3709 [pid 3696] <... openat resumed>) = 3 [pid 3707] setpgid(0, 0 [pid 3705] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] rt_sigprocmask(SIG_SETMASK, [], [pid 3696] chdir("./file2" [pid 3689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3707] <... setpgid resumed>) = 0 [pid 3705] <... futex resumed>) = 0 [pid 3703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3696] <... chdir resumed>) = 0 [pid 3689] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3709 attached [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3706] <... futex resumed>) = ? [pid 3705] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3703] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3694] <... futex resumed>) = 0 [pid 3689] <... futex resumed>) = 1 [pid 3685] <... futex resumed>) = ? [pid 3709] set_robust_list(0x7f0aecccf9a0, 24 [pid 3707] <... openat resumed>) = 3 [pid 3706] +++ killed by SIGBUS +++ [pid 3703] <... futex resumed>) = 0 [pid 3696] <... openat resumed>) = 4 [pid 3694] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3689] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... set_robust_list resumed>) = 0 [pid 3707] write(3, "1000", 4 [pid 3703] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3696] ioctl(4, LOOP_CLR_FD [pid 3694] <... mmap resumed>) = 0x200000000000 [pid 3687] +++ killed by SIGBUS +++ [pid 3685] +++ killed by SIGBUS +++ [pid 3707] <... write resumed>) = 4 [pid 3696] <... ioctl resumed>) = 0 [ 77.018609][ T3687] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3694] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3685, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 3707] close(3 [pid 3696] close(4 [pid 3694] <... futex resumed>) = 1 [pid 3689] <... futex resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 3707] <... close resumed>) = 0 [pid 3696] <... close resumed>) = 0 [pid 3694] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] symlink("/dev/binderfs", "./binderfs" [pid 3696] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3689] <... futex resumed>) = 0 [pid 3709] rt_sigprocmask(SIG_SETMASK, [], [pid 3707] <... symlink resumed>) = 0 [pid 3696] <... futex resumed>) = 1 [pid 3688] <... futex resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 3709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3709] memfd_create("syzkaller", 0) = 3 [pid 289] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3709] <... mmap resumed>) = 0x7f0ae48af000 [pid 289] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 289] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3707] write(1, "executing program\n", 18 [pid 3696] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 3707] <... write resumed>) = 18 [pid 3696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3688] <... futex resumed>) = 0 [pid 3707] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = ? [pid 3696] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3689] <... futex resumed>) = ? [pid 3688] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3707] <... futex resumed>) = 0 [pid 3709] <... write resumed>) = 524288 [pid 3707] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 3696] <... openat resumed>) = 4 [pid 3709] munmap(0x7f0ae48af000, 138412032 [pid 3707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3705] +++ killed by SIGBUS +++ [pid 3696] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... munmap resumed>) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3696] <... futex resumed>) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3707] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3696] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 3696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3688] <... futex resumed>) = 0 [pid 3707] <... mprotect resumed>) = 0 [pid 3696] write(4, "#! \n", 4 [pid 3688] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3707] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3688] <... futex resumed>) = 0 [pid 3707] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3696] <... write resumed>) = 4 [pid 3688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3696] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3688] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3696] <... futex resumed>) = 0 [pid 3688] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3707] <... clone3 resumed> => {parent_tid=[3710]}, 88) = 3710 [pid 3696] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] rt_sigprocmask(SIG_SETMASK, [], [pid 3688] <... mprotect resumed>) = 0 [pid 3707] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 3710 attached [pid 3707] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3694] +++ killed by SIGBUS +++ [pid 3689] +++ killed by SIGBUS +++ [pid 3688] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3710] set_robust_list(0x7f0aecccf9a0, 24 [pid 3707] <... futex resumed>) = 0 [pid 3688] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 3710] <... set_robust_list resumed>) = 0 [pid 3707] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 3711 attached [pid 3688] <... clone3 resumed> => {parent_tid=[3711]}, 88) = 3711 [pid 3711] set_robust_list(0x7f0aeccae9a0, 24 [pid 3688] rt_sigprocmask(SIG_SETMASK, [], [pid 3710] memfd_create("syzkaller", 0 [pid 3688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3711] <... set_robust_list resumed>) = 0 [pid 3688] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] rt_sigprocmask(SIG_SETMASK, [], [pid 3688] <... futex resumed>) = 0 [pid 3710] <... memfd_create resumed>) = 3 [pid 3688] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 3710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 287] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3710] <... mmap resumed>) = 0x7f0ae48af000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3711] write(4, "#! \n", 4) = 4 [pid 3711] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3711] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = 0 [pid 3688] <... futex resumed>) = 1 [pid 3696] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3688] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] <... mmap resumed>) = 0x200000000000 [pid 3696] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3696] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3688] <... futex resumed>) = 0 [pid 3710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3710] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3710] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3688] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3696] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3711] <... futex resumed>) = ? [pid 3688] <... futex resumed>) = ? [pid 3711] +++ killed by SIGBUS +++ [pid 3696] +++ killed by SIGBUS +++ [pid 3688] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3688, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3709] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = 0 [pid 3709] ioctl(4, LOOP_SET_FD, 3 [pid 289] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./110/file2") = 0 [pid 289] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./110/binderfs") = 0 [pid 289] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./110") = 0 [pid 289] mkdir("./111", 0777) = 0 [ 77.066551][ T3694] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 77.092519][ T3696] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3710] <... openat resumed>) = 4 [pid 3710] ioctl(4, LOOP_SET_FD, 3 [pid 3709] <... ioctl resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 3709] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3709] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3709] close(4 [pid 287] newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./117/file2") = 0 [pid 287] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./117/binderfs") = 0 [pid 287] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./117") = 0 [pid 287] mkdir("./118", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3710] <... ioctl resumed>) = 0 [pid 3710] close(3) = 0 [pid 3710] close(4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 288] <... umount2 resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3714 ./strace-static-x86_64: Process 3714 attached [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3714] set_robust_list(0x555594a056a0, 24 [pid 289] close(3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3714] <... set_robust_list resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./109/file2", [pid 3714] chdir("./118" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3714] <... chdir resumed>) = 0 [pid 288] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3714] <... prctl resumed>) = 0 [pid 288] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3714] setpgid(0, 0 [pid 288] <... openat resumed>) = 4 [pid 3714] <... setpgid resumed>) = 0 [pid 288] newfstatat(4, "", [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3714] <... openat resumed>) = 3 [pid 288] getdents64(4, [pid 3714] write(3, "1000", 4 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3714] <... write resumed>) = 4 [pid 288] getdents64(4, [pid 3714] close(3 [pid 288] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3714] <... close resumed>) = 0 [pid 288] close(4 [pid 3714] symlink("/dev/binderfs", "./binderfs" [pid 288] <... close resumed>) = 0 executing program [pid 3714] <... symlink resumed>) = 0 [pid 288] rmdir("./109/file2" [pid 3714] write(1, "executing program\n", 18 [pid 288] <... rmdir resumed>) = 0 [pid 3714] <... write resumed>) = 18 [pid 288] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3714] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3714] <... futex resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./109/binderfs", [pid 3714] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3714] <... rt_sigaction resumed>NULL, 8) = 0 [pid 288] unlink("./109/binderfs" [pid 3714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 288] <... unlink resumed>) = 0 [pid 3714] <... mmap resumed>) = 0x7f0aeccaf000 [pid 288] getdents64(3, [pid 3714] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 288] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3714] <... mprotect resumed>) = 0 [pid 288] close(3 [pid 3714] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] <... close resumed>) = 0 [pid 3714] <... rt_sigprocmask resumed>[], 8) = 0 [pid 288] rmdir("./109" [pid 3714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3715]}, 88) = 3715 [pid 288] <... rmdir resumed>) = 0 [pid 3714] rt_sigprocmask(SIG_SETMASK, [], [pid 288] mkdir("./110", 0777 [pid 3714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3714] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3715 attached [pid 3715] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 3715] rt_sigprocmask(SIG_SETMASK, [], [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3715] memfd_create("syzkaller", 0) = 3 [pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3715] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3710] <... close resumed>) = 0 [pid 3709] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3716 [pid 3715] <... openat resumed>) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3716 attached [pid 3716] set_robust_list(0x555594a056a0, 24) = 0 [pid 3716] chdir("./110" [pid 3710] mkdir("./file2", 0777 [pid 3709] mkdir("./file2", 0777 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3716] <... chdir resumed>) = 0 [pid 3715] <... ioctl resumed>) = 0 [pid 3710] <... mkdir resumed>) = 0 [pid 3709] <... mkdir resumed>) = 0 [pid 3709] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3718 [pid 3715] close(3 [pid 3710] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue"./strace-static-x86_64: Process 3718 attached [pid 3718] set_robust_list(0x555594a056a0, 24 [pid 3715] <... close resumed>) = 0 [pid 3718] <... set_robust_list resumed>) = 0 [pid 3718] chdir("./111") = 0 [pid 3715] close(4 [pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3718] setpgid(0, 0) = 0 [pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3716] <... prctl resumed>) = 0 [pid 3718] <... openat resumed>) = 3 [pid 3718] write(3, "1000", 4 [pid 3716] setpgid(0, 0 [pid 3718] <... write resumed>) = 4 [pid 3718] close(3) = 0 [pid 3718] symlink("/dev/binderfs", "./binderfs" [pid 3716] <... setpgid resumed>) = 0 [pid 3718] <... symlink resumed>) = 0 [pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3718] write(1, "executing program\n", 18executing program [pid 3716] <... openat resumed>) = 3 [pid 3718] <... write resumed>) = 18 [pid 3716] write(3, "1000", 4) = 4 [pid 3716] close(3) = 0 [pid 3718] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] symlink("/dev/binderfs", "./binderfs" [pid 3718] <... futex resumed>) = 0 [pid 3718] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3716] <... symlink resumed>) = 0 [pid 3718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3718] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 executing program [pid 3718] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3716] write(1, "executing program\n", 18 [pid 3718] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3716] <... write resumed>) = 18 [pid 3718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3719]}, 88) = 3719 ./strace-static-x86_64: Process 3719 attached [pid 3716] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3718] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3719] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3719] memfd_create("syzkaller", 0) = 3 [pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3716] <... futex resumed>) = 0 [pid 3716] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3716] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 3720 attached => {parent_tid=[3720]}, 88) = 3720 [pid 3720] set_robust_list(0x7f0aecccf9a0, 24 [pid 3716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3720] <... set_robust_list resumed>) = 0 [pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] rt_sigprocmask(SIG_SETMASK, [], [pid 3716] <... futex resumed>) = 0 [pid 3720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3720] memfd_create("syzkaller", 0) = 3 [pid 3720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3719] <... write resumed>) = 524288 [pid 3719] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3719] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3720] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3720] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3709] <... mount resumed>) = 0 [pid 3709] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3709] chdir("./file2") = 0 [pid 3709] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3715] <... close resumed>) = 0 [pid 3715] mkdir("./file2", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3710] <... mount resumed>) = 0 [pid 3710] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3710] chdir("./file2") = 0 [pid 3710] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3720] <... openat resumed>) = 4 [pid 3719] <... openat resumed>) = 4 [pid 3710] <... openat resumed>) = 4 [pid 3709] <... openat resumed>) = 4 [pid 3720] ioctl(4, LOOP_SET_FD, 3 [pid 3719] ioctl(4, LOOP_SET_FD, 3 [pid 3710] ioctl(4, LOOP_CLR_FD [pid 3709] ioctl(4, LOOP_CLR_FD [pid 3720] <... ioctl resumed>) = 0 [pid 3720] close(3 [pid 3719] <... ioctl resumed>) = 0 [pid 3720] <... close resumed>) = 0 [pid 3709] <... ioctl resumed>) = 0 [pid 3709] close(4 [pid 3720] close(4 [pid 3719] close(3 [pid 3710] <... ioctl resumed>) = 0 [pid 3709] <... close resumed>) = 0 [pid 3709] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3709] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3703] <... futex resumed>) = 0 [pid 3720] <... close resumed>) = 0 [pid 3710] close(4 [pid 3703] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... close resumed>) = 0 [pid 3703] <... futex resumed>) = 1 [pid 3710] <... close resumed>) = 0 [pid 3720] mkdir("./file2", 0777 [pid 3709] <... futex resumed>) = 0 [pid 3719] close(4 [pid 3720] <... mkdir resumed>) = 0 [pid 3719] <... close resumed>) = 0 [pid 3710] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3703] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3710] <... futex resumed>) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3707] <... futex resumed>) = 0 [pid 3710] <... openat resumed>) = 4 [pid 3707] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3719] mkdir("./file2", 0777) = 0 [pid 3709] <... openat resumed>) = 4 [pid 3710] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3719] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3710] <... futex resumed>) = 1 [pid 3709] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3707] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] write(4, "#! \n", 4 [pid 3709] <... futex resumed>) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3709] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... futex resumed>) = 0 [pid 3703] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] <... write resumed>) = 4 [pid 3703] <... futex resumed>) = 0 [pid 3709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = 0 [pid 3709] write(4, "#! \n", 4 [pid 3710] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = 0 [pid 3707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3709] <... write resumed>) = 4 [pid 3703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3707] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3710] <... futex resumed>) = 0 [pid 3709] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3707] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3710] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3709] <... futex resumed>) = 0 [pid 3707] <... mprotect resumed>) = 0 [pid 3703] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3709] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3703] <... mprotect resumed>) = 0 [pid 3707] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3703] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3707] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3703] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3731]}, 88) = 3731 [pid 3703] <... clone3 resumed> => {parent_tid=[3730]}, 88) = 3730 [pid 3707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3703] rt_sigprocmask(SIG_SETMASK, [], [pid 3707] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3707] <... futex resumed>) = 0 [pid 3703] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... mount resumed>) = 0 [pid 3715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3715] chdir("./file2") = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3731] write(4, "#! \n", 4) = 4 [pid 3731] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3731] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 ./strace-static-x86_64: Process 3730 attached [pid 3710] <... futex resumed>) = 0 [pid 3707] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3710] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3730] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3710] <... mmap resumed>) = 0x200000000000 [pid 3730] write(4, "#! \n", 4 [pid 3710] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3707] <... futex resumed>) = 0 [pid 3710] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3707] <... futex resumed>) = 0 [pid 3730] <... write resumed>) = 4 [pid 3730] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 0 [pid 3709] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3709] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] <... futex resumed>) = 0 [pid 3710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3703] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] <... futex resumed>) = ? [pid 3731] <... futex resumed>) = ? [pid 3731] +++ killed by SIGBUS +++ [pid 3710] +++ killed by SIGBUS +++ [pid 3707] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3707, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... restart_syscall resumed>) = 0 [pid 290] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3715] <... openat resumed>) = 4 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [pid 3715] close(4) = 0 [pid 3715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3714] <... futex resumed>) = 0 [pid 3715] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3714] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... openat resumed>) = 4 [pid 3715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3714] <... futex resumed>) = 0 [pid 3715] write(4, "#! \n", 4 [pid 3714] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... write resumed>) = 4 [pid 3714] <... futex resumed>) = 0 [pid 3715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3715] <... futex resumed>) = 0 [pid 3715] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3714] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3709] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3730] <... futex resumed>) = ? [pid 3714] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3703] <... futex resumed>) = ? [pid 3714] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3732]}, 88) = 3732 [pid 3714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3714] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] +++ killed by SIGBUS +++ [pid 3709] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3732] write(4, "#! \n", 4) = 4 [pid 3732] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] <... futex resumed>) = 0 [pid 3714] <... futex resumed>) = 1 [pid 3715] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3714] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... mmap resumed>) = 0x200000000000 [pid 3715] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3732] <... futex resumed>) = 1 [pid 3714] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3703, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3732] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3719] <... mount resumed>) = 0 [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 77.360013][ T3710] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 77.361186][ T3709] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3719] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3719] chdir("./file2") = 0 [pid 3719] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3720] <... mount resumed>) = 0 [pid 3720] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3720] chdir("./file2") = 0 [pid 3720] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3732] <... futex resumed>) = ? [pid 3714] <... futex resumed>) = ? [pid 3732] +++ killed by SIGBUS +++ [pid 3715] +++ killed by SIGBUS +++ [pid 3714] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3714, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3720] <... openat resumed>) = 4 [pid 3719] <... openat resumed>) = 4 [pid 290] <... umount2 resumed>) = 0 [pid 3720] ioctl(4, LOOP_CLR_FD [pid 3719] ioctl(4, LOOP_CLR_FD [pid 290] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./114/file2") = 0 [pid 290] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./114/binderfs") = 0 [pid 290] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./114") = 0 [pid 290] mkdir("./115", 0777) = 0 [ 77.403711][ T3715] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3720] <... ioctl resumed>) = 0 [pid 291] <... umount2 resumed>) = 0 [pid 3720] close(4 [pid 291] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./111/file2") = 0 [pid 291] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./111/binderfs", [pid 3719] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 3719] close(4) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./111/binderfs") = 0 [pid 291] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./111") = 0 [pid 291] mkdir("./112", 0777) = 0 [pid 3719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3720] <... close resumed>) = 0 [pid 3720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... openat resumed>) = 3 [pid 3720] <... futex resumed>) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] ioctl(3, LOOP_CLR_FD [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3716] <... futex resumed>) = 0 [pid 3720] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3720] <... openat resumed>) = 4 [pid 290] <... openat resumed>) = 3 [pid 3720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 1 [pid 3718] <... futex resumed>) = 0 [pid 291] close(3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 287] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3720] <... futex resumed>) = 1 [pid 3719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3718] <... futex resumed>) = 0 [pid 3716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./118/file2", [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3719] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3718] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3716] <... futex resumed>) = 0 [pid 3720] write(4, "#! \n", 4 [pid 3716] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3720] <... write resumed>) = 4 [pid 3716] <... futex resumed>) = 0 [pid 3720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... openat resumed>) = 4 [pid 3716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3720] <... futex resumed>) = 0 [pid 3719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] <... futex resumed>) = 1 [pid 3718] <... futex resumed>) = 0 [pid 3716] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... mprotect resumed>) = 0 [pid 287] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3718] <... futex resumed>) = 0 [pid 3716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3719] write(4, "#! \n", 4 [pid 3718] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... openat resumed>) = 4 [pid 3719] <... write resumed>) = 4 [pid 3718] <... futex resumed>) = 0 [pid 3716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 287] newfstatat(4, "", [pid 3719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3719] <... futex resumed>) = 0 [pid 3718] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3716] <... clone3 resumed> => {parent_tid=[3737]}, 88) = 3737 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE [pid 3716] rt_sigprocmask(SIG_SETMASK, [], [pid 3718] <... mprotect resumed>) = 0 [pid 3716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] getdents64(4, [pid 3718] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3716] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3716] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} [pid 3716] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 3718] <... clone3 resumed> => {parent_tid=[3738]}, 88) = 3738 [pid 287] close(4 [pid 3718] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... close resumed>) = 0 [pid 3718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] rmdir("./118/file2" [pid 3718] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3737 attached [pid 3737] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3737] rt_sigprocmask(SIG_SETMASK, [], [pid 3718] <... futex resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 3718] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3737] write(4, "#! \n", 4 [pid 287] newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./118/binderfs" [pid 3737] <... write resumed>) = 4 [pid 3737] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... unlink resumed>) = 0 [pid 3716] <... futex resumed>) = 0 [pid 287] getdents64(3, [pid 3716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3720] <... futex resumed>) = 0 [pid 3716] <... futex resumed>) = 1 [pid 287] close(3 [pid 3720] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3738 attached [pid 3737] <... futex resumed>) = 1 [pid 3720] <... mmap resumed>) = 0x200000000000 [pid 287] <... close resumed>) = 0 [pid 3720] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] rmdir("./118" [pid 3738] set_robust_list(0x7f0aeccae9a0, 24 [pid 3737] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] <... futex resumed>) = 1 [pid 3716] <... futex resumed>) = 0 [pid 3720] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... rmdir resumed>) = 0 [pid 3720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3716] <... futex resumed>) = 0 [pid 287] mkdir("./119", 0777 [pid 3738] <... set_robust_list resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3738] write(4, "#! \n", 4) = 4 [pid 3738] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3718] <... futex resumed>) = 0 [pid 3718] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = 0 [pid 3718] <... futex resumed>) = 1 [pid 3719] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3718] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3719] <... mmap resumed>) = 0x200000000000 [pid 3719] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] <... futex resumed>) = 0 [pid 3719] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3718] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3718] <... futex resumed>) = 0 [pid 3718] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3738] <... futex resumed>) = 1 [pid 3738] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3716] <... futex resumed>) = ? [pid 3737] <... futex resumed>) = ? [pid 3737] +++ killed by SIGBUS +++ [pid 3720] +++ killed by SIGBUS +++ [pid 3716] +++ killed by SIGBUS +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3716, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3719] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3738] <... futex resumed>) = ? [pid 3718] <... futex resumed>) = ? [pid 3719] +++ killed by SIGBUS +++ [pid 3738] +++ killed by SIGBUS +++ [pid 3718] +++ killed by SIGBUS +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3718, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3739 ./strace-static-x86_64: Process 3739 attached [pid 3739] set_robust_list(0x555594a056a0, 24) = 0 [pid 3739] chdir("./119") = 0 [pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3739] setpgid(0, 0) = 0 [pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3739] write(3, "1000", 4) = 4 [pid 3739] close(3) = 0 [pid 3739] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 3739] write(1, "executing program\n", 18) = 18 [pid 3739] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3739] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0}./strace-static-x86_64: Process 3740 attached => {parent_tid=[3740]}, 88) = 3740 [pid 3740] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3740] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3739] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3740] <... futex resumed>) = 0 [pid 3740] memfd_create("syzkaller", 0 [pid 3739] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3740] <... memfd_create resumed>) = 3 [pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3740] munmap(0x7f0ae48af000, 138412032) = 0 [ 77.525504][ T3720] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 77.529646][ T3719] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... close resumed>) = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] close(3) = 0 [pid 291] <... clone resumed>, child_tidptr=0x555594a05690) = 3741 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594a05690) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3742] set_robust_list(0x555594a056a0, 24) = 0 [pid 3742] chdir("./115") = 0 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 3742] symlink("/dev/binderfs", "./binderfs" [pid 289] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3742] <... symlink resumed>) = 0 [pid 289] getdents64(4, [pid 3742] write(1, "executing program\n", 18) = 18 [pid 3742] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3742] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3742] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 3741 attached [pid 3741] set_robust_list(0x555594a056a0, 24 [pid 3742] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3741] <... set_robust_list resumed>) = 0 [pid 3741] chdir("./112") = 0 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3742] <... clone3 resumed> => {parent_tid=[3743]}, 88) = 3743 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3741] <... openat resumed>) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] symlink("/dev/binderfs", "./binderfs"executing program [pid 289] <... getdents64 resumed>0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 executing program [pid 289] rmdir("./111/file2" [pid 3741] <... symlink resumed>) = 0 [pid 3741] write(1, "executing program\n", 18) = 18 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3741] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3741] <... futex resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./111/binderfs", [pid 3741] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3741] <... rt_sigaction resumed>NULL, 8) = 0 [pid 289] unlink("./111/binderfs" [pid 3741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 289] <... unlink resumed>) = 0 [pid 289] getdents64(3, [pid 3741] <... mmap resumed>) = 0x7f0aeccaf000 [pid 289] <... getdents64 resumed>0x555594a06730 /* 0 entries */, 32768) = 0 [pid 3741] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE [pid 289] close(3 [pid 3741] <... mprotect resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./111") = 0 [pid 289] mkdir("./112", 0777 [pid 3741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 3743 attached [pid 3741] <... clone3 resumed> => {parent_tid=[3744]}, 88) = 3744 [pid 3741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3741] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3744 attached [pid 3744] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3744] memfd_create("syzkaller", 0 [pid 3743] set_robust_list(0x7f0aecccf9a0, 24 [pid 3744] <... memfd_create resumed>) = 3 [pid 3743] <... set_robust_list resumed>) = 0 [pid 3743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3743] memfd_create("syzkaller", 0) = 3 [pid 3743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3744] <... mmap resumed>) = 0x7f0ae48af000 [pid 3744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3744] <... write resumed>) = 524288 [pid 3744] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3744] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3743] <... write resumed>) = 524288 [pid 3743] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3743] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3740] <... openat resumed>) = 4 [pid 3743] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] newfstatat(AT_FDCWD, "./110/file2", [pid 289] close(3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 3740] ioctl(4, LOOP_SET_FD, 3 [pid 289] <... close resumed>) = 0 [pid 288] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3744] <... openat resumed>) = 4 [pid 3743] ioctl(4, LOOP_SET_FD, 3 [pid 288] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] <... clone resumed>, child_tidptr=0x555594a05690) = 3746 [pid 288] <... openat resumed>) = 4 [pid 3740] <... ioctl resumed>) = 0 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555594a0e770 /* 2 entries */, 32768) = 48 [pid 3740] close(3 [pid 288] getdents64(4, 0x555594a0e770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./110/file2") = 0 [pid 288] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./110/binderfs") = 0 [pid 288] getdents64(3, 0x555594a06730 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./110") = 0 [pid 288] mkdir("./111", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3740] <... close resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555594a05690) = 3747 ./strace-static-x86_64: Process 3746 attached [pid 3746] set_robust_list(0x555594a056a0, 24) = 0 [pid 3746] chdir("./112" [pid 3740] close(4 [pid 3746] <... chdir resumed>) = 0 [pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3746] setpgid(0, 0) = 0 [pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3744] ioctl(4, LOOP_SET_FD, 3 [pid 3740] <... close resumed>) = 0 [pid 3746] <... openat resumed>) = 3 [pid 3746] write(3, "1000", 4) = 4 [pid 3746] close(3) = 0 [pid 3746] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 3747 attached [pid 3747] set_robust_list(0x555594a056a0, 24 [pid 3740] mkdir("./file2", 0777 [pid 3747] <... set_robust_list resumed>) = 0 [pid 3747] chdir("./111" [pid 3746] write(1, "executing program\n", 18executing program ) = 18 [pid 3746] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... chdir resumed>) = 0 [pid 3746] <... futex resumed>) = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3746] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, [pid 3747] <... prctl resumed>) = 0 [pid 3746] <... rt_sigaction resumed>NULL, 8) = 0 [pid 3747] setpgid(0, 0 [pid 3746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3747] <... setpgid resumed>) = 0 [pid 3746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3746] <... mmap resumed>) = 0x7f0aeccaf000 [pid 3746] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3746] rt_sigprocmask(SIG_BLOCK, ~[], [pid 3747] <... openat resumed>) = 3 [pid 3746] <... rt_sigprocmask resumed>[], 8) = 0 [pid 3746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs"executing program [pid 3746] <... clone3 resumed> => {parent_tid=[3748]}, 88) = 3748 [pid 3746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3746] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3746] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3747] <... symlink resumed>) = 0 [pid 3740] <... mkdir resumed>) = 0 [pid 3747] write(1, "executing program\n", 18) = 18 [pid 3740] mount("/dev/loop0", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3747] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aecd390e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aecd2a290}, NULL, 8) = 0 [pid 3747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aeccaf000 [pid 3747] mprotect(0x7f0aeccb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aecccf990, parent_tid=0x7f0aecccf990, exit_signal=0, stack=0x7f0aeccaf000, stack_size=0x20300, tls=0x7f0aecccf6c0} => {parent_tid=[3750]}, 88) = 3750 [pid 3747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3750 attached [pid 3750] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3750] memfd_create("syzkaller", 0) = 3 [pid 3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3743] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 3748 attached [pid 3748] set_robust_list(0x7f0aecccf9a0, 24) = 0 [pid 3748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae48af000 [pid 3743] close(3) = 0 [pid 3743] close(4 [pid 3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3744] <... ioctl resumed>) = 0 [pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3750] <... write resumed>) = 524288 [pid 3744] close(3 [pid 3743] <... close resumed>) = 0 [pid 3744] <... close resumed>) = 0 [pid 3743] mkdir("./file2", 0777 [pid 3744] close(4 [pid 3750] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3743] <... mkdir resumed>) = 0 [pid 3744] <... close resumed>) = 0 [pid 3744] mkdir("./file2", 0777 [pid 3748] <... write resumed>) = 524288 [pid 3750] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3750] ioctl(4, LOOP_SET_FD, 3 [pid 3748] munmap(0x7f0ae48af000, 138412032) = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3744] <... mkdir resumed>) = 0 [pid 3750] <... ioctl resumed>) = 0 [pid 3750] close(3) = 0 [pid 3750] close(4 [pid 3743] mount("/dev/loop3", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3744] mount("/dev/loop4", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3740] <... mount resumed>) = 0 [pid 3740] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3740] chdir("./file2") = 0 [pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3750] <... close resumed>) = 0 [pid 3750] mkdir("./file2", 0777) = 0 [pid 3748] <... openat resumed>) = 4 [pid 3750] mount("/dev/loop1", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3740] <... openat resumed>) = 4 [pid 3740] ioctl(4, LOOP_CLR_FD) = 0 [pid 3740] close(4) = 0 [pid 3740] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3739] <... futex resumed>) = 0 [pid 3740] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3739] <... futex resumed>) = 0 [pid 3740] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3739] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] ioctl(4, LOOP_SET_FD, 3 [pid 3740] <... openat resumed>) = 4 [pid 3740] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... ioctl resumed>) = 0 [pid 3740] <... futex resumed>) = 1 [pid 3739] <... futex resumed>) = 0 [pid 3739] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3739] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3756]}, 88) = 3756 [pid 3739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3739] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3756] write(4, "#! \n", 4) = 4 [pid 3756] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = 0 [pid 3739] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000 [pid 3756] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = 0 [pid 3739] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x200000000000 [pid 3748] close(3 [pid 3740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000180} --- [pid 3748] <... close resumed>) = 0 [pid 3748] close(4) = 0 [pid 3748] mkdir("./file2", 0777) = 0 [pid 3748] mount("/dev/loop2", "./file2", "ext4", MS_RELATIME, "dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue" [pid 3739] <... futex resumed>) = ? [pid 3756] <... ioctl resumed>) = ? [pid 3756] +++ killed by SIGBUS +++ [pid 3740] +++ killed by SIGBUS +++ [pid 3739] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 3744] <... mount resumed>) = 0 [pid 3743] <... mount resumed>) = 0 [pid 3750] <... mount resumed>) = 0 [pid 3744] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3743] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3750] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 3744] <... openat resumed>) = 3 [pid 3743] <... openat resumed>) = 3 [pid 3750] <... openat resumed>) = 3 [pid 3744] chdir("./file2" [pid 3743] chdir("./file2" [pid 3750] chdir("./file2" [pid 3744] <... chdir resumed>) = 0 [pid 3750] <... chdir resumed>) = 0 [pid 3744] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3743] <... chdir resumed>) = 0 [pid 3750] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3744] <... openat resumed>) = 4 [pid 3743] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3750] <... openat resumed>) = 4 [pid 3743] <... openat resumed>) = 4 [pid 3744] ioctl(4, LOOP_CLR_FD [pid 3750] ioctl(4, LOOP_CLR_FD [pid 3743] ioctl(4, LOOP_CLR_FD [pid 3750] <... ioctl resumed>) = 0 [pid 3744] <... ioctl resumed>) = 0 [pid 3743] <... ioctl resumed>) = 0 [pid 3750] close(4 [pid 3744] close(4 [pid 3743] close(4 [pid 3750] <... close resumed>) = 0 [pid 3744] <... close resumed>) = 0 [pid 3750] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3750] <... futex resumed>) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = 1 [pid 3743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3750] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3743] <... futex resumed>) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3743] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3750] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3744] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3743] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3744] <... openat resumed>) = 4 [pid 3750] <... openat resumed>) = 4 [pid 3744] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... openat resumed>) = 4 [pid 287] newfstatat(3, "", [pid 3750] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 1 [pid 3743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 3750] <... futex resumed>) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3744] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3743] <... futex resumed>) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(3, [pid 3750] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3743] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x555594a06730 /* 4 entries */, 32768) = 112 [pid 3750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3744] write(4, "#! \n", 4 [pid 3743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3742] <... futex resumed>) = 0 [pid 3741] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3750] write(4, "#! \n", 4 [pid 3747] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... write resumed>) = 4 [pid 3743] write(4, "#! \n", 4 [pid 3742] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [ 77.715669][ T3740] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3750] <... write resumed>) = 4 [pid 3750] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3742] <... futex resumed>) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3743] <... write resumed>) = 4 [pid 3742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3747] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3744] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3741] <... mmap resumed>) = 0x7f0aecc8e000 [pid 3748] <... mount resumed>) = 0 [pid 3748] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 3748] chdir("./file2") = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3748] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3765]}, 88) = 3765 [pid 3747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3747] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3743] <... futex resumed>) = 0 [pid 3743] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3766]}, 88) = 3766 [pid 3742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3742] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3741] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3767]}, 88) = 3767 [pid 3741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3741] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3746] <... futex resumed>) = 0 [pid 3746] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = 0 [pid 3746] <... futex resumed>) = 1 [pid 3748] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3746] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... openat resumed>) = 4 [pid 3748] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3746] <... futex resumed>) = 0 [pid 3748] write(4, "#! \n", 4 [pid 3746] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... write resumed>) = 4 [pid 3746] <... futex resumed>) = 0 [pid 3748] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3746] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = 0 [pid 3746] <... futex resumed>) = 0 [pid 3748] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aecc8e000 [pid 3746] mprotect(0x7f0aecc8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 3746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aeccae990, parent_tid=0x7f0aeccae990, exit_signal=0, stack=0x7f0aecc8e000, stack_size=0x20300, tls=0x7f0aeccae6c0} => {parent_tid=[3768]}, 88) = 3768 [pid 3746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3746] futex(0x7f0aecd9a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3746] futex(0x7f0aecd9a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3765 attached [pid 3765] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3765] write(4, "#! \n", 4) = 4 [ 77.758346][ T9] ------------[ cut here ]------------ [ 77.763643][ T9] kernel BUG at fs/ext4/inode.c:2777! [ 77.769719][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 77.775617][ T9] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 77.785242][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 77.790873][ T3750] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, [pid 3765] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3747] <... futex resumed>) = 1 [pid 3750] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3750] <... mmap resumed>) = 0x200000000000 [pid 3750] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3750] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3765] <... futex resumed>) = 1 [pid 3765] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3765] <... futex resumed>) = ? [pid 3747] <... futex resumed>) = ? [pid 3765] +++ killed by SIGBUS +++ [pid 3750] +++ killed by SIGBUS +++ [pid 3747] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 3766 attached [pid 3766] set_robust_list(0x7f0aeccae9a0, 24) = 0 [pid 3766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 3766] write(4, "#! \n", 4) = 4 [ 77.795152][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 77.803156][ T3750] block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 77.808936][ T9] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 77.808947][ T9] Code: 28 8c ff 31 ff 89 de e8 af 28 8c ff 45 84 f6 75 27 e8 15 26 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 01 26 8c ff <0f> 0b e8 fa 25 8c ff e8 c1 e2 21 ff eb 9b e8 ee 25 8c ff e8 b5 e2 [ 77.808962][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 77.848635][ T9] RAX: ffffffff81de994f RBX: 0000008000000000 RCX: ffff88810024bb40 [ 77.856443][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 77.864260][ T9] RBP: ffffc90000097490 R08: ffffffff81de63c3 R09: ffffed10242092ff [ 77.872152][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 77.879965][ T9] R13: ffffc900000977d0 R14: 000000c410000000 R15: ffffc90000097360 [ 77.887873][ T9] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 77.896633][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.903051][ T9] CR2: 00007f0aeccd0000 CR3: 0000000112be7000 CR4: 00000000003506a0 [ 77.910956][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.918762][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.926576][ T9] Call Trace: [ 77.929707][ T9] ? __die_body+0x62/0xb0 [ 77.933874][ T9] ? die+0x88/0xb0 [ 77.937426][ T9] ? do_trap+0x1a4/0x310 [ 77.941509][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 77.946454][ T9] ? handle_invalid_op+0x95/0xc0 [ 77.951229][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 77.956175][ T9] ? exc_invalid_op+0x32/0x50 [ 77.960688][ T9] ? asm_exc_invalid_op+0x12/0x20 [ 77.965549][ T9] ? ext4_writepages+0x653/0x3c00 [ 77.970408][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 77.975357][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 77.980306][ T9] ? __kasan_check_write+0x14/0x20 [ 77.985256][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 77.989862][ T9] ? _raw_spin_trylock_bh+0x190/0x190 [ 77.995064][ T9] ? pagecache_get_page+0x86c/0x950 [ 78.000098][ T9] ? __kasan_check_write+0x14/0x20 [ 78.005048][ T9] ? __find_get_block+0xfbe/0x1320 [ 78.009995][ T9] ? write_boundary_block+0x150/0x150 [ 78.015261][ T9] ? sched_group_set_shares+0x490/0x490 [ 78.020581][ T9] ? ext4_readpage+0x230/0x230 [ 78.025182][ T9] ? __getblk_gfp+0x3d/0x7e0 [ 78.029608][ T9] ? ext4_get_group_desc+0x260/0x2b0 [ 78.034742][ T9] ? ext4_readpage+0x230/0x230 [ 78.039331][ T9] do_writepages+0x12e/0x270 [ 78.043760][ T9] ? __writepage+0x130/0x130 [ 78.048182][ T9] ? __kasan_check_write+0x14/0x20 [ 78.053130][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 78.057734][ T9] __writeback_single_inode+0xd7/0xac0 [ 78.063027][ T9] writeback_sb_inodes+0x99c/0x16b0 [ 78.068059][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 78.072660][ T9] ? queue_io+0x520/0x520 [ 78.076828][ T9] ? writeback_sb_inodes+0x16b0/0x16b0 [ 78.082121][ T9] ? queue_io+0x3d3/0x520 [ 78.086288][ T9] wb_writeback+0x404/0xc60 [ 78.090634][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 78.096097][ T9] ? set_worker_desc+0x158/0x1c0 [ 78.100891][ T9] ? update_load_avg+0x541/0x1690 [ 78.105730][ T9] ? __kasan_check_write+0x14/0x20 [ 78.110690][ T9] wb_workfn+0x3d9/0x1110 [ 78.114849][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 78.120401][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 78.125437][ T9] ? finish_task_switch+0x130/0x5a0 [ 78.130470][ T9] ? switch_mm_irqs_off+0x71b/0x9a0 [ 78.135506][ T9] ? __switch_to_asm+0x34/0x60 [ 78.140107][ T9] ? __kasan_check_read+0x11/0x20 [ 78.144966][ T9] ? read_word_at_a_time+0x12/0x20 [ 78.149914][ T9] ? strscpy+0x9c/0x260 [ 78.153907][ T9] process_one_work+0x6dc/0xbd0 [pid 3766] futex(0x7f0aecd9a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] <... futex resumed>) = 0 [pid 3742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] <... futex resumed>) = 0 [pid 3742] <... futex resumed>) = 1 [pid 3743] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3768 attached ./strace-static-x86_64: Process 3767 attached [pid 3746] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3743] <... mmap resumed>) = 0x200000000000 [pid 3741] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3747, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 288] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 3768] set_robust_list(0x7f0aeccae9a0, 24 [pid 3767] set_robust_list(0x7f0aeccae9a0, 24 [pid 3746] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... set_robust_list resumed>) = 0 [pid 3767] <... set_robust_list resumed>) = 0 [pid 3748] <... futex resumed>) = 0 [pid 3746] <... futex resumed>) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3743] <... futex resumed>) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = 1 [pid 3742] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3766] <... futex resumed>) = 1 [pid 3766] futex(0x7f0aecd9a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] rt_sigprocmask(SIG_SETMASK, [], [pid 3767] rt_sigprocmask(SIG_SETMASK, [], [pid 3748] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3746] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.158608][ T9] worker_thread+0xaea/0x1510 [ 78.163108][ T9] kthread+0x34b/0x3d0 [ 78.167012][ T9] ? worker_clr_flags+0x180/0x180 [ 78.171882][ T9] ? kthread_blkcg+0xd0/0xd0 [ 78.176297][ T9] ret_from_fork+0x1f/0x30 [ 78.180658][ T9] Modules linked in: [ 78.184837][ T9] ---[ end trace 977c8f6dbe27a718 ]--- [ 78.191409][ T9] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [pid 3744] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 3768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 3748] <... mmap resumed>) = 0x200000000000 [pid 3744] <... mmap resumed>) = 0x200000000000 [pid 3748] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 78.197590][ T3743] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 78.198997][ T3767] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 78.212769][ T9] Code: 28 8c ff 31 ff 89 de e8 af 28 8c ff 45 84 f6 75 27 e8 15 26 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 01 26 8c ff <0f> 0b e8 fa 25 8c ff e8 c1 e2 21 ff eb 9b e8 ee 25 8c ff e8 b5 e2 [ 78.226944][ T3768] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [pid 3744] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3742] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 3741] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3768] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000180} --- [pid 3766] <... futex resumed>) = ? [pid 3748] <... futex resumed>) = 1 [pid 3746] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = 0 [pid 3741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3748] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3746] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] futex(0x7f0aecd9a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3746] <... futex resumed>) = 0 [pid 3744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3741] <... futex resumed>) = 0 [pid 3748] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000000} --- [pid 3746] read(-321280512, [pid 3741] futex(0x7f0aecd9a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3744] ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x200000000000) = -1 ENOTTY (Inappropriate ioctl for device) [pid 3748] +++ killed by SIGBUS +++ [pid 3744] futex(0x7f0aecd9a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3743] +++ killed by SIGBUS +++ [pid 3744] <... futex resumed>) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3744] futex(0x7f0aecd9a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3767] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000180} --- [pid 3744] <... futex resumed>) = ? [pid 3744] +++ killed by SIGBUS +++ [pid 3767] +++ killed by SIGBUS +++ [pid 3741] +++ killed by SIGBUS +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3741, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 3766] +++ killed by SIGBUS +++ [pid 3742] +++ killed by SIGBUS +++ [pid 3768] +++ killed by SIGBUS +++ [pid 3746] +++ killed by SIGBUS +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3742, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=36} --- [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3746, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [ 78.246647][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 78.263742][ T24] audit: type=1400 audit(1742451874.020:81): avc: denied { ioctl } for pid=3741 comm="syz-executor381" path="/root/syzkaller.qecwZR/112/file2/blkio.bfq.io_service_bytes" dev="loop4" ino=18 ioctlcmd=0x662b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 78.267731][ T9] RAX: ffffffff81de994f RBX: 0000008000000000 RCX: ffff88810024bb40 [ 78.303542][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [pid 291] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555594a06730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.311331][ T9] RBP: ffffc90000097490 R08: ffffffff81de63c3 R09: ffffed10242092ff [ 78.311492][ T324] ------------[ cut here ]------------ [ 78.320466][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 78.332505][ T324] kernel BUG at fs/ext4/inode.c:2777! [ 78.334914][ T9] R13: ffffc900000977d0 R14: 000000c410000000 R15: ffffc90000097360 [ 78.337790][ T324] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 78.337813][ T324] CPU: 1 PID: 324 Comm: kworker/u4:3 Tainted: G D 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 78.348252][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 78.351409][ T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 78.363123][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.371543][ T324] Workqueue: writeback wb_workfn (flush-7:4) [ 78.371565][ T324] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 78.371582][ T324] Code: 28 8c ff 31 ff 89 de e8 af 28 8c ff 45 84 f6 75 27 e8 15 26 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 01 26 8c ff <0f> 0b e8 fa 25 8c ff e8 c1 e2 21 ff eb 9b e8 ee 25 8c ff e8 b5 e2 [ 78.381646][ T9] CR2: 00007ffdd67d2cb8 CR3: 000000011d782000 CR4: 00000000003506b0 [ 78.387861][ T324] RSP: 0018:ffffc90000de70a0 EFLAGS: 00010293 [ 78.387897][ T324] RAX: ffffffff81de994f RBX: 0000008000000000 RCX: ffff88810d55a780 [ 78.387917][ T324] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 78.394073][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.399365][ T324] RBP: ffffc90000de7490 R08: ffffffff81de63c3 R09: ffffed1024222c98 [ 78.399374][ T324] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 78.399382][ T324] R13: ffffc90000de77d0 R14: 000000c410000000 R15: ffffc90000de7360 [ 78.399393][ T324] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 78.399401][ T324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.399409][ T324] CR2: 0000200000000180 CR3: 000000011d69d000 CR4: 00000000003506a0 [ 78.399420][ T324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.399427][ T324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.399443][ T324] Call Trace: [ 78.419417][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.426623][ T324] ? __die_body+0x62/0xb0 [ 78.432670][ T9] Kernel panic - not syncing: Fatal exception [ 78.440512][ T324] ? die+0x88/0xb0 [ 78.542773][ T324] ? do_trap+0x1a4/0x310 [ 78.546821][ T324] ? ext4_writepages+0x3bdf/0x3c00 [ 78.552118][ T324] ? handle_invalid_op+0x95/0xc0 [ 78.556887][ T324] ? ext4_writepages+0x3bdf/0x3c00 [ 78.561832][ T324] ? exc_invalid_op+0x32/0x50 [ 78.566452][ T324] ? asm_exc_invalid_op+0x12/0x20 [ 78.571480][ T324] ? ext4_writepages+0x653/0x3c00 [ 78.576865][ T324] ? ext4_writepages+0x3bdf/0x3c00 [ 78.581810][ T324] ? ext4_writepages+0x3bdf/0x3c00 [ 78.586760][ T324] ? update_load_avg+0xdaa/0x1690 [ 78.591632][ T324] ? __kasan_check_read+0x11/0x20 [ 78.596484][ T324] ? mark_page_accessed+0x4f8/0x900 [ 78.601518][ T324] ? __find_get_block+0xdce/0x1320 [ 78.606462][ T324] ? write_boundary_block+0x150/0x150 [ 78.611672][ T324] ? sched_group_set_shares+0x490/0x490 [ 78.617052][ T324] ? ext4_readpage+0x230/0x230 [ 78.621740][ T324] ? __getblk_gfp+0x3d/0x7e0 [ 78.626165][ T324] ? ext4_get_group_desc+0x260/0x2b0 [ 78.631289][ T324] ? __ext4_get_inode_loc+0x5af/0xbf0 [ 78.636502][ T324] ? ext4_readpage+0x230/0x230 [ 78.641097][ T324] do_writepages+0x12e/0x270 [ 78.645523][ T324] ? __writepage+0x130/0x130 [ 78.649973][ T324] ? __kasan_check_write+0x14/0x20 [ 78.654893][ T324] ? _raw_spin_lock+0xa4/0x1b0 [ 78.659498][ T324] __writeback_single_inode+0xd7/0xac0 [ 78.664878][ T324] writeback_sb_inodes+0x99c/0x16b0 [ 78.669920][ T324] ? _raw_spin_lock+0xa4/0x1b0 [ 78.674523][ T324] ? queue_io+0x520/0x520 [ 78.678677][ T324] ? writeback_sb_inodes+0x16b0/0x16b0 [ 78.683975][ T324] ? queue_io+0x3d3/0x520 [ 78.688139][ T324] wb_writeback+0x404/0xc60 [ 78.692478][ T324] ? wb_io_lists_depopulated+0x180/0x180 [ 78.697949][ T324] ? set_worker_desc+0x158/0x1c0 [ 78.702769][ T324] ? update_load_avg+0x541/0x1690 [ 78.707581][ T324] ? __kasan_check_write+0x14/0x20 [ 78.712529][ T324] wb_workfn+0x3d9/0x1110 [ 78.716702][ T324] ? inode_wait_for_writeback+0x280/0x280 [ 78.722250][ T324] ? _raw_spin_unlock_irq+0x4e/0x70 [ 78.727314][ T324] ? finish_task_switch+0x130/0x5a0 [ 78.732329][ T324] ? switch_mm_irqs_off+0x33c/0x9a0 [ 78.737364][ T324] ? __switch_to_asm+0x34/0x60 [ 78.741959][ T324] ? __kasan_check_read+0x11/0x20 [ 78.746828][ T324] ? read_word_at_a_time+0x12/0x20 [ 78.751761][ T324] ? strscpy+0x9c/0x260 [ 78.755758][ T324] process_one_work+0x6dc/0xbd0 [ 78.760883][ T324] worker_thread+0xaea/0x1510 [ 78.765392][ T324] ? _raw_spin_lock+0x1b0/0x1b0 [ 78.770085][ T324] ? __kasan_check_read+0x11/0x20 [ 78.774962][ T324] kthread+0x34b/0x3d0 [ 78.778844][ T324] ? worker_clr_flags+0x180/0x180 [ 78.783707][ T324] ? kthread_blkcg+0xd0/0xd0 [ 78.788128][ T324] ret_from_fork+0x1f/0x30 [ 78.792382][ T324] Modules linked in: [ 78.796309][ T9] Kernel Offset: disabled [ 78.800455][ T9] Rebooting in 86400 seconds..